admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-07-26 15:00:34 +00:00
parent c68925f10e
commit 2b54546c9e
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 572 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
2022/21xxx/CVE-2022-21951.json
View File

@ -1,15 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2022-05-25T00:00:00.000Z",
"ID": "CVE-2022-21951",
"STATE": "PUBLIC",
"TITLE": "Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
@ -23,87 +46,53 @@
}
]
}
},
{
"product_name": "Rancher",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Rancher",
"version_value": "2.6.5"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5."
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1199443",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1199443"
},
{
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c",
"refsource": "MISC",
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1199443",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1199443"
},
{
"name": "https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c",
"refsource": "CONFIRM",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1199443",
"defect": [
"1199443"
],
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
]
}
}

113
2022/21xxx/CVE-2022-21952.json
View File

@ -1,15 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2022-06-20T00:00:00.000Z",
"ID": "CVE-2022-21952",
"STATE": "PUBLIC",
"TITLE": "SUMA unauthenticated remote DoS via resource exhaustion"
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SUSE",
"product": {
"product_data": [
{
@ -37,74 +60,52 @@
}
}
]
},
"vendor_name": "SUSE"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Paolo Perego from SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37."
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1199512",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1199512"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1199512",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1199512"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1199512",
"defect": [
"1199512"
],
"discovery": "INTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Paolo Perego from SUSE"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}

10
2023/20xxx/CVE-2023-20593.json
View File

@ -253,6 +253,16 @@
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/15",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
},
{
"url": "https://cmpxchg8b.com/zenbleed.html",
"refsource": "MISC",
"name": "https://cmpxchg8b.com/zenbleed.html"
}
]
},

103
2023/23xxx/CVE-2023-23842.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23842",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@solarwinds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SolarWinds",
"product": {
"product_data": [
{
"product_name": "Network Configuration Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2023.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23842",
"refsource": "MISC",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23842"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-3_release_notes.htm",
"refsource": "MISC",
"name": "https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-3_release_notes.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Network Configuration Manager customers are advised to upgrade to the latest version of the SolarWinds Network Configuration Manager version 2023.3<br>"
}
],
"value": "All SolarWinds Network Configuration Manager customers are advised to upgrade to the latest version of the SolarWinds Network Configuration Manager version 2023.3\n"
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

103
2023/33xxx/CVE-2023-33229.json
View File

@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@solarwinds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SolarWinds",
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2023.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33229",
"refsource": "MISC",
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-33229"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm",
"refsource": "MISC",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3<br>"
}
],
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3\n"
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Juampa Rodriguez (@UnD3sc0n0c1d0) for reporting on the issue in a responsible manner."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

101
2023/33xxx/CVE-2023-33308.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.2"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-183",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-183"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:C"
}
]
}

5
2023/39xxx/CVE-2023-39151.json
View File

@ -73,6 +73,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/2"
}
]
}

5
2023/39xxx/CVE-2023-39152.json
View File

@ -57,6 +57,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3208",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3208"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/2"
}
]
}

5
2023/39xxx/CVE-2023-39153.json
View File

@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-2696",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-2696"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/2"
}
]
}

5
2023/39xxx/CVE-2023-39154.json
View File

@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3012",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3012"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/2"
}
]
}

5
2023/39xxx/CVE-2023-39155.json
View File

@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3192",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3192"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/2"
}
]
}

5
2023/39xxx/CVE-2023-39156.json
View File

@ -58,6 +58,11 @@
"url": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3095",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3095"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/26/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/07/26/2"
}
]
}

102
2023/3xxx/CVE-2023-3622.json
View File

@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3622",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@solarwinds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SolarWinds ",
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2023.2 and previous versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm",
"refsource": "MISC",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-3622",
"refsource": "MISC",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-3622"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "USER"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3<br><br>"
}
],
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.3\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds would like to thank Alex Shepard reporting this issue in a responsible manner."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

39
2023/3xxx/CVE-2023-3637.json
View File

@ -55,6 +55,27 @@
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat OpenStack Platform 16.2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1:15.3.5-2.20230216175503.el8ost",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 13 (Queens) Operational Tools",
"version": {
@ -81,19 +102,6 @@
]
}
},
{
"product_name": "Red Hat OpenStack Platform 16.2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat OpenStack Platform 17.0",
"version": {
@ -141,6 +149,11 @@
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:4283",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:4283"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3637",
"refsource": "MISC",