admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-06-24 17:00:48 +00:00
parent 78626f0052
commit 29048ad6e9
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
16 changed files with 1251 additions and 933 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

196
2021/20xxx/CVE-2021-20355.json
View File

@ -1,102 +1,102 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891."
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6597583",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6597583",
"title" : "IBM Security Bulletin 6597583 (Jazz Team Server)"
},
{
"refsource" : "XF",
"name" : "ibm-jazz-cve202120355-info-disc (194891)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/194891",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Jazz Team Server"
}
]
}
"lang": "eng",
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891."
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ID" : "CVE-2021-20355"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6597583",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6597583",
"title": "IBM Security Bulletin 6597583 (Jazz Team Server)"
},
{
"refsource": "XF",
"name": "ibm-jazz-cve202120355-info-disc (194891)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194891",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Jazz Team Server"
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"I" : "N",
"C" : "L",
"SCORE" : "3.700",
"AV" : "N",
"UI" : "N",
"S" : "U",
"AC" : "H",
"A" : "N",
"PR" : "N"
}
}
}
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ID": "CVE-2021-20355"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"I": "N",
"C": "L",
"SCORE": "3.700",
"AV": "N",
"UI": "N",
"S": "U",
"AC": "H",
"A": "N",
"PR": "N"
}
}
}
}

198
2021/20xxx/CVE-2021-20543.json
View File

@ -1,102 +1,102 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6597515 (Jazz Team Server)",
"url" : "https://www.ibm.com/support/pages/node/6597515",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6597515"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198929",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-jazz-cve202120543-html-injection (198929)",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"S" : "C",
"AC" : "L",
"A" : "N",
"PR" : "L",
"AV" : "N",
"UI" : "R",
"C" : "L",
"SCORE" : "5.400",
"I" : "L"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Jazz Team Server"
}
]
}
"title": "IBM Security Bulletin 6597515 (Jazz Team Server)",
"url": "https://www.ibm.com/support/pages/node/6597515",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6597515"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198929",
"title": "X-Force Vulnerability Report",
"name": "ibm-jazz-cve202120543-html-injection (198929)",
"refsource": "XF"
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ID" : "CVE-2021-20543",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
}
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"S": "C",
"AC": "L",
"A": "N",
"PR": "L",
"AV": "N",
"UI": "R",
"C": "L",
"SCORE": "5.400",
"I": "L"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Jazz Team Server"
}
]
}
}
]
}
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ID": "CVE-2021-20543",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
}
}

198
2021/20xxx/CVE-2021-20544.json
View File

@ -1,102 +1,102 @@
{
"data_version" : "4.0",
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6597513",
"title" : "IBM Security Bulletin 6597513 (Jazz Team Server)",
"name" : "https://www.ibm.com/support/pages/node/6597513",
"refsource" : "CONFIRM"
},
{
"refsource" : "XF",
"name" : "ibm-jazz-cve20212044-ssrf (198931)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198931"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"C" : "L",
"I" : "L",
"PR" : "L",
"A" : "N",
"S" : "U",
"AC" : "L",
"UI" : "N",
"AV" : "N"
},
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Jazz Team Server",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
}
"url": "https://www.ibm.com/support/pages/node/6597513",
"title": "IBM Security Bulletin 6597513 (Jazz Team Server)",
"name": "https://www.ibm.com/support/pages/node/6597513",
"refsource": "CONFIRM"
},
{
"refsource": "XF",
"name": "ibm-jazz-cve20212044-ssrf (198931)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198931"
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ID" : "CVE-2021-20544",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
}
}
]
},
"description": {
"description_data": [
{
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.400",
"C": "L",
"I": "L",
"PR": "L",
"A": "N",
"S": "U",
"AC": "L",
"UI": "N",
"AV": "N"
},
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Jazz Team Server",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
}
}
]
}
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ID": "CVE-2021-20544",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
}
}

198
2021/20xxx/CVE-2021-20551.json
View File

@ -1,102 +1,102 @@
{
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6597511",
"title" : "IBM Security Bulletin 6597511 (Jazz Team Server)",
"url" : "https://www.ibm.com/support/pages/node/6597511"
},
{
"name" : "ibm-jazz-cve202120551-info-disc (199169)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/199169",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"S" : "U",
"A" : "N",
"AC" : "L",
"PR" : "N",
"UI" : "N",
"AV" : "L",
"SCORE" : "4.000",
"C" : "L",
"I" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2021-20551",
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Jazz Team Server"
}
]
}
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6597511",
"title": "IBM Security Bulletin 6597511 (Jazz Team Server)",
"url": "https://www.ibm.com/support/pages/node/6597511"
},
{
"name": "ibm-jazz-cve202120551-info-disc (199169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199169",
"title": "X-Force Vulnerability Report"
}
]
}
}
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"A": "N",
"AC": "L",
"PR": "N",
"UI": "N",
"AV": "L",
"SCORE": "4.000",
"C": "L",
"I": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2021-20551",
"DATE_PUBLIC": "2022-06-22T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Jazz Team Server"
}
]
}
}
]
}
}
}

198
2021/29xxx/CVE-2021-29865.json
View File

@ -1,102 +1,102 @@
{
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6597505",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6597505",
"title" : "IBM Security Bulletin 6597505 (Jazz Team Server)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/206091",
"refsource" : "XF",
"name" : "ibm-jazz-cve202129865-clickjacking (206091)"
}
]
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"UI" : "R",
"AV" : "N",
"AC" : "L",
"S" : "C",
"A" : "N",
"PR" : "L",
"I" : "L",
"SCORE" : "5.400",
"C" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Jazz Team Server",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"name": "https://www.ibm.com/support/pages/node/6597505",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6597505",
"title": "IBM Security Bulletin 6597505 (Jazz Team Server)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206091",
"refsource": "XF",
"name": "ibm-jazz-cve202129865-clickjacking (206091)"
}
]
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ID" : "CVE-2021-29865",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_type" : "CVE"
}
]
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"UI": "R",
"AV": "N",
"AC": "L",
"S": "C",
"A": "N",
"PR": "L",
"I": "L",
"SCORE": "5.400",
"C": "L"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jazz Team Server",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ID": "CVE-2021-29865",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_type": "CVE"
}

196
2021/38xxx/CVE-2021-38871.json
View File

@ -1,102 +1,102 @@
{
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6597503 (Jazz Team Server)",
"url" : "https://www.ibm.com/support/pages/node/6597503",
"name" : "https://www.ibm.com/support/pages/node/6597503",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/208345",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-jazz-cve202138871-xss (208345)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38871",
"DATE_PUBLIC" : "2022-06-22T00:00:00"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Jazz Team Server"
}
]
}
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.",
"lang": "eng"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6597503 (Jazz Team Server)",
"url": "https://www.ibm.com/support/pages/node/6597503",
"name": "https://www.ibm.com/support/pages/node/6597503",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/208345",
"title": "X-Force Vulnerability Report",
"name": "ibm-jazz-cve202138871-xss (208345)",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38871",
"DATE_PUBLIC": "2022-06-22T00:00:00"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Jazz Team Server"
}
]
}
}
]
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "R",
"AV" : "N",
"S" : "C",
"AC" : "L",
"A" : "N",
"PR" : "L",
"I" : "L",
"SCORE" : "5.400",
"C" : "L"
},
"TM" : {
"E" : "H",
"RL" : "O",
"RC" : "C"
}
}
}
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "R",
"AV": "N",
"S": "C",
"AC": "L",
"A": "N",
"PR": "L",
"I": "L",
"SCORE": "5.400",
"C": "L"
},
"TM": {
"E": "H",
"RL": "O",
"RC": "C"
}
}
}
}

198
2021/38xxx/CVE-2021-38879.json
View File

@ -1,102 +1,102 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"SCORE" : "3.700",
"C" : "L",
"I" : "N",
"S" : "U",
"AC" : "H",
"A" : "N",
"PR" : "N",
"UI" : "N",
"AV" : "N"
}
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2022-06-22T00:00:00",
"ID" : "CVE-2021-38879"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Jazz Team Server",
"version" : {
"version_data" : [
{
"version_value" : "6.0.6"
},
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6597501",
"url" : "https://www.ibm.com/support/pages/node/6597501",
"title" : "IBM Security Bulletin 6597501 (Jazz Team Server)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/209057",
"name" : "ibm-jazz-cve202138879-info-disc (209057)",
"refsource" : "XF"
}
]
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057.",
"lang" : "eng"
}
]
}
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"SCORE": "3.700",
"C": "L",
"I": "N",
"S": "U",
"AC": "H",
"A": "N",
"PR": "N",
"UI": "N",
"AV": "N"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-06-22T00:00:00",
"ID": "CVE-2021-38879"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jazz Team Server",
"version": {
"version_data": [
{
"version_value": "6.0.6"
},
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6597501",
"url": "https://www.ibm.com/support/pages/node/6597501",
"title": "IBM Security Bulletin 6597501 (Jazz Team Server)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209057",
"name": "ibm-jazz-cve202138879-info-disc (209057)",
"refsource": "XF"
}
]
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057.",
"lang": "eng"
}
]
}
}

56
2021/39xxx/CVE-2021-39408.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-39408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/StefanDorresteijn/CVE-2021-39408",
"url": "https://github.com/StefanDorresteijn/CVE-2021-39408"
}
]
}

56
2021/39xxx/CVE-2021-39409.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-39409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/StefanDorresteijn/CVE-2021-39409",
"url": "https://github.com/StefanDorresteijn/CVE-2021-39409"
}
]
}

56
2021/40xxx/CVE-2021-40893.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yetingli/SaveResults/blob/main/js/validate-data.js",
"refsource": "MISC",
"name": "https://github.com/yetingli/SaveResults/blob/main/js/validate-data.js"
}
]
}

56
2021/42xxx/CVE-2021-42056.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42056",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056",
"url": "https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056"
}
]
}

200
2022/22xxx/CVE-2022-22389.json
View File

@ -1,102 +1,102 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
},
"product_name" : "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6598047 (DB2 for Linux, UNIX and Windows)",
"name" : "https://www.ibm.com/support/pages/node/6598047",
"url" : "https://www.ibm.com/support/pages/node/6598047",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve202222389-dos (221970)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "6.500",
"UI" : "N",
"PR" : "L",
"AC" : "L",
"A" : "H",
"C" : "N",
"AV" : "N",
"S" : "U",
"I" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
},
"product_name": "DB2 for Linux, UNIX and Windows"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2022-22389",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2022-06-23T00:00:00"
}
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6598047 (DB2 for Linux, UNIX and Windows)",
"name": "https://www.ibm.com/support/pages/node/6598047",
"url": "https://www.ibm.com/support/pages/node/6598047",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-db2-cve202222389-dos (221970)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"SCORE": "6.500",
"UI": "N",
"PR": "L",
"AC": "L",
"A": "H",
"C": "N",
"AV": "N",
"S": "U",
"I": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2022-22389",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-23T00:00:00"
}
}

200
2022/22xxx/CVE-2022-22390.json
View File

@ -1,102 +1,102 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DB2 for Linux, UNIX and Windows",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "10.1"
},
{
"version_value" : "9.7"
},
{
"version_value" : "11.1"
},
{
"version_value" : "11.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6597993",
"name" : "https://www.ibm.com/support/pages/node/6597993",
"title" : "IBM Security Bulletin 6597993 (DB2 for Linux, UNIX and Windows)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-db2-cve202222390-info-disc (221973)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AC" : "L",
"PR" : "N",
"UI" : "N",
"SCORE" : "6.200",
"A" : "N",
"C" : "H",
"I" : "N",
"S" : "U",
"AV" : "L"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DB2 for Linux, UNIX and Windows",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "10.1"
},
{
"version_value": "9.7"
},
{
"version_value": "11.1"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2022-06-23T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2022-22390",
"STATE" : "PUBLIC"
}
}
}
},
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.",
"lang": "eng"
}
]
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6597993",
"name": "https://www.ibm.com/support/pages/node/6597993",
"title": "IBM Security Bulletin 6597993 (DB2 for Linux, UNIX and Windows)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-db2-cve202222390-info-disc (221973)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AC": "L",
"PR": "N",
"UI": "N",
"SCORE": "6.200",
"A": "N",
"C": "H",
"I": "N",
"S": "U",
"AV": "L"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2022-06-23T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-22390",
"STATE": "PUBLIC"
}
}

56
2022/29xxx/CVE-2022-29578.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29578",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-29578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-165-02",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-165-02"
}
]
}

56
2022/30xxx/CVE-2022-30028.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-30028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://dradisframework.com/ce/security_reports.html",
"url": "https://dradisframework.com/ce/security_reports.html"
}
]
}

66
2022/33xxx/CVE-2022-33910.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-33910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mantisbt.org/bugs/view.php?id=29135",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=29135"
},
{
"url": "https://mantisbt.org/bugs/view.php?id=30384",
"refsource": "MISC",
"name": "https://mantisbt.org/bugs/view.php?id=30384"
},
{
"refsource": "CONFIRM",
"name": "https://mantisbt.org/blog/archives/mantisbt/719",
"url": "https://mantisbt.org/blog/archives/mantisbt/719"
}
]
}