mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
parent
405439fef8
commit
2c9730181e
@ -61,6 +61,11 @@
|
|||||||
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
|
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
|
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "http://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html",
|
||||||
|
"url": "http://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
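Review bot: The added reference object gives `http://packetstormsecurity.com/...` in both `name` and `url`, a cleartext link, while every other reference visible in this hunk uses `https://`. If the site serves the same path over HTTPS, record it as `"url": "https://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html"` (and the same for `name`), so anyone following the link from the record is not exposed to tampering in transit. The same applies to the identical reference added in the next file and to the 164481 reference added further down in this commit. The enclosing record starts outside the hunk, so the CVE this reference belongs to cannot be confirmed from here.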
@ -61,6 +61,11 @@
|
|||||||
"name": "https://moodle.org/mod/forum/discuss.php?d=238399",
|
"name": "https://moodle.org/mod/forum/discuss.php?d=238399",
|
||||||
"refsource": "CONFIRM",
|
"refsource": "CONFIRM",
|
||||||
"url": "https://moodle.org/mod/forum/discuss.php?d=238399"
|
"url": "https://moodle.org/mod/forum/discuss.php?d=238399"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "http://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html",
|
||||||
|
"url": "http://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -19,106 +19,7 @@
|
|||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value": "UN462A R1.300 and prior to it"
|
"version_value": "UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it"
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN462VA R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN492S R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN492VS R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552A R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552S R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552VS R1.300 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552 R1.300 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552V R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UX552S R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552 R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V864Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C861Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P754Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V754Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C751Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V964Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C961Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P654Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V654Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C651Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V554Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P404 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P484 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P554 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V404 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V484 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V554 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V404-T R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V484-T R3.300 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V554-T R3.300 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C501 R2.100 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C551 R2.100 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C431 R2.100 and prior"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -147,11 +48,6 @@
|
|||||||
"url": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html",
|
"url": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html"
|
"name": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html"
|
||||||
},
|
|
||||||
{
|
|
||||||
"refsource": "JVN",
|
|
||||||
"name": "JVN#42866574",
|
|
||||||
"url": "http://jvn.jp/en/jp/JVN42866574/index.html"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -159,7 +55,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.300 and prior to it, P484 R3.300 and prior to it, P554 R3.300 and prior to it, V404 R3.300 and prior to it, V484 R3.300 and prior to it, V554 R3.300 and prior to it, V404-T R3.300 and prior to it, V484-T R3.300 and prior to it, V554-T R3.300 and prior to it, C501 R2.100 and prior to it, C551 R2.100 and prior to it, C431 R2.100 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request."
|
"value": "Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
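Review bot: The new `version_value` in the first hunk folds the separate per-model entries into one comma-separated string, so a consumer that matches on `version_data` items can no longer tell the models apart without parsing free text. Keeping one object per model, as in `{ "version_value": "UN462A R1.300 and prior to it" }`, preserves that. The new text also changes several thresholds and model names relative to the removed entries (R3.300 becomes R3.200, R2.100 becomes R2.000, V964Q/C961Q become V984Q/C981Q), and the second hunk drops the JVN reference. Neither change is explained on this page, so both are worth confirming against the vendor advisory before relying on the record for exposure checks. The next file's record is flattened the same way.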
@ -19,106 +19,7 @@
|
|||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_value": "UN462A R1.300 and prior to it"
|
"version_value": "(UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it"
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN462VA R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN492S R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN492VS R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552A R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552S R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552VS R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552 R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552V R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UX552S R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "UN552 R1.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V864Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C861Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P754Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V754Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C751Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V964Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C961Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P654Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V654Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C651Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V554Q R2.000 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P404 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P484 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "P554 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V404 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V484 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V554 R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V404-T R3.300 and prior to it"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V484-T R3.300 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "V554-T R3.300 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C501 R2.100 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C551 R2.100 and prior"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"version_value": "C431 R2.100 and prior"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -147,11 +48,6 @@
|
|||||||
"url": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html",
|
"url": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html",
|
||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html"
|
"name": "https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html"
|
||||||
},
|
|
||||||
{
|
|
||||||
"refsource": "JVN",
|
|
||||||
"name": "JVN#42866574",
|
|
||||||
"url": "http://jvn.jp/en/jp/JVN42866574/index.html"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -159,7 +55,7 @@
|
|||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.300 and prior to it, P484 R3.300 and prior to it, P554 R3.300 and prior to it, V404 R3.300 and prior to it, V484 R3.300 and prior to it, V554 R3.300 and prior to it, V404-T R3.300 and prior to it, V484-T R3.300 and prior to it, V554-T R3.300 and prior to it, C501 R2.100 and prior to it, C551 R2.100 and prior to it, C431 R2.100 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request."
|
"value": "Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
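Review bot: The new `version_value` begins with a stray `(` that is never closed, and the new description reads `Sharp NEC Displays ((UN462A ...` with unbalanced parentheses. Drop the leading `(` so the field starts `"version_value": "UN462A R1.300 and prior to it, ...` and the description opens with a single `(`. A tool that splits this field on commas would otherwise carry `(UN462A` as a model name and miss the real one.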
@ -48,6 +48,11 @@
|
|||||||
"refsource": "MISC",
|
"refsource": "MISC",
|
||||||
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277",
|
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277",
|
||||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277"
|
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html",
|
||||||
|
"url": "http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -4,14 +4,58 @@
|
|||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2021-27003",
|
"ID": "CVE-2021-27003",
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "security-alert@netapp.com",
|
||||||
"STATE": "RESERVED"
|
"STATE": "PUBLIC"
|
||||||
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"vendor_name": "n/a",
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "Clustered Data ONTAP",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "Versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "Clickjacking attack"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://security.netapp.com/advisory/ntap-20211012-0001/",
|
||||||
|
"url": "https://security.netapp.com/advisory/ntap-20211012-0001/"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
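Review bot: The newly published record sets `"vendor_name": "n/a"` even though the assigner and the advisory URL both point at NetApp, so a vendor-keyed lookup will not find this entry; presumably it should be `"vendor_name": "NetApp"`. The single `version_value` string "Versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1" is free text covering five release branches; one `version_data` object per branch, for example `{ "version_affected": "<", "version_value": "9.5P18" }`, would let scanners evaluate it. The problem type is also given only as the phrase "Clickjacking attack"; adding the CWE identifier (CWE-1021 appears to be the matching one) would make it classifiable.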
@ -1,182 +1,182 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER": "security@tibco.com",
|
"ASSIGNER": "security@tibco.com",
|
||||||
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
|
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
|
||||||
"ID": "CVE-2021-35494",
|
"ID": "CVE-2021-35494",
|
||||||
"STATE": "PUBLIC",
|
"STATE": "PUBLIC",
|
||||||
"TITLE": "TIBCO JasperReports unauthorized access to temporary object"
|
"TITLE": "TIBCO JasperReports unauthorized access to temporary object"
|
||||||
},
|
},
|
||||||
"affects": {
|
"affects": {
|
||||||
"vendor": {
|
"vendor": {
|
||||||
"vendor_data": [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product": {
|
"product": {
|
||||||
"product_data": [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.2.1"
|
"version_value": "7.2.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.5.0"
|
"version_value": "7.5.0"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.5.1"
|
"version_value": "7.5.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
|
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name": "TIBCO Software Inc."
|
"vendor_name": "TIBCO Software Inc."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"data_format": "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type": "CVE",
|
"data_type": "CVE",
|
||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system.\n\nAffected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.\n"
|
"value": "The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contain a race condition that allows a low privileged authenticated attacker via the REST API to obtain read access to temporary objects created by other users on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"impact": {
|
"impact": {
|
||||||
"cvss": {
|
"cvss": {
|
||||||
"attackComplexity": "LOW",
|
"attackComplexity": "LOW",
|
||||||
"attackVector": "NETWORK",
|
"attackVector": "NETWORK",
|
||||||
"availabilityImpact": "NONE",
|
"availabilityImpact": "NONE",
|
||||||
"baseScore": 5.7,
|
"baseScore": 5.7,
|
||||||
"baseSeverity": "MEDIUM",
|
"baseSeverity": "MEDIUM",
|
||||||
"confidentialityImpact": "HIGH",
|
"confidentialityImpact": "HIGH",
|
||||||
"integrityImpact": "NONE",
|
"integrityImpact": "NONE",
|
||||||
"privilegesRequired": "LOW",
|
"privilegesRequired": "LOW",
|
||||||
"scope": "UNCHANGED",
|
"scope": "UNCHANGED",
|
||||||
"userInteraction": "REQUIRED",
|
"userInteraction": "REQUIRED",
|
||||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
|
||||||
"version": "3.0"
|
"version": "3.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"problemtype": {
|
"problemtype": {
|
||||||
"problemtype_data": [
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "Successful execution of this vulnerability results in the attacker gaining unauthorized read access to the data of other users on the affected system."
|
"value": "Successful execution of this vulnerability results in the attacker gaining unauthorized read access to the data of other users on the affected system."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"references": {
|
"references": {
|
||||||
"reference_data": [
|
"reference_data": [
|
||||||
{
|
{
|
||||||
"name": "https://www.tibco.com/services/support/advisories",
|
"name": "https://www.tibco.com/services/support/advisories",
|
||||||
"refsource": "CONFIRM",
|
"refsource": "CONFIRM",
|
||||||
"url": "https://www.tibco.com/services/support/advisories"
|
"url": "https://www.tibco.com/services/support/advisories"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"solution": [
|
"solution": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
|
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": {
|
"source": {
|
||||||
"discovery": "INTERNAL"
|
"discovery": "INTERNAL"
|
||||||
}
|
}
|
||||||
}
|
}
|
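Review bot: In the `impact.cvss` object the `vectorString` is prefixed `CVSS:3.1` while the `version` field says `"3.0"`, and both columns of this section show the same values, so the commit leaves the mismatch in place. A consumer that selects the scoring specification from `version` would interpret a 3.1 vector under 3.0 rules; `"version": "3.1"` would make the two fields agree.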
@ -1,182 +1,182 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER": "security@tibco.com",
|
"ASSIGNER": "security@tibco.com",
|
||||||
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
|
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
|
||||||
"ID": "CVE-2021-35495",
|
"ID": "CVE-2021-35495",
|
||||||
"STATE": "PUBLIC",
|
"STATE": "PUBLIC",
|
||||||
"TITLE": "TIBCO JasperReports FTP Password exposed"
|
"TITLE": "TIBCO JasperReports FTP Password exposed"
|
||||||
},
|
},
|
||||||
"affects": {
|
"affects": {
|
||||||
"vendor": {
|
"vendor": {
|
||||||
"vendor_data": [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product": {
|
"product": {
|
||||||
"product_data": [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.2.1"
|
"version_value": "7.2.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.5.0"
|
"version_value": "7.5.0"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.5.1"
|
"version_value": "7.5.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
|
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name": "TIBCO Software Inc."
|
"vendor_name": "TIBCO Software Inc."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"data_format": "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type": "CVE",
|
"data_type": "CVE",
|
||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system.\n\nAffected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.\n"
|
"value": "The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"impact": {
|
"impact": {
|
||||||
"cvss": {
|
"cvss": {
|
||||||
"attackComplexity": "LOW",
|
"attackComplexity": "LOW",
|
||||||
"attackVector": "NETWORK",
|
"attackVector": "NETWORK",
|
||||||
"availabilityImpact": "HIGH",
|
"availabilityImpact": "HIGH",
|
||||||
"baseScore": 9,
|
"baseScore": 9,
|
||||||
"baseSeverity": "CRITICAL",
|
"baseSeverity": "CRITICAL",
|
||||||
"confidentialityImpact": "HIGH",
|
"confidentialityImpact": "HIGH",
|
||||||
"integrityImpact": "HIGH",
|
"integrityImpact": "HIGH",
|
||||||
"privilegesRequired": "LOW",
|
"privilegesRequired": "LOW",
|
||||||
"scope": "CHANGED",
|
"scope": "CHANGED",
|
||||||
"userInteraction": "REQUIRED",
|
"userInteraction": "REQUIRED",
|
||||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
|
||||||
"version": "3.0"
|
"version": "3.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"problemtype": {
|
"problemtype": {
|
||||||
"problemtype_data": [
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "Successful execution of this vulnerability can result in an attacker gaining access to the victim’s FTP server at the privilege level of the victim."
|
"value": "Successful execution of this vulnerability can result in an attacker gaining access to the victim\u2019s FTP server at the privilege level of the victim."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"references": {
|
"references": {
|
||||||
"reference_data": [
|
"reference_data": [
|
||||||
{
|
{
|
||||||
"name": "https://www.tibco.com/services/support/advisories",
|
"name": "https://www.tibco.com/services/support/advisories",
|
||||||
"refsource": "CONFIRM",
|
"refsource": "CONFIRM",
|
||||||
"url": "https://www.tibco.com/services/support/advisories"
|
"url": "https://www.tibco.com/services/support/advisories"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"solution": [
|
"solution": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
|
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": {
|
"source": {
|
||||||
"discovery": "INTERNAL"
|
"discovery": "INTERNAL"
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -1,188 +1,188 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ASSIGNER": "security@tibco.com",
|
"ASSIGNER": "security@tibco.com",
|
||||||
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
|
"DATE_PUBLIC": "2021-10-12T17:00:00Z",
|
||||||
"ID": "CVE-2021-35496",
|
"ID": "CVE-2021-35496",
|
||||||
"STATE": "PUBLIC",
|
"STATE": "PUBLIC",
|
||||||
"TITLE": "TIBCO JasperReports XML Eternal Entity (XXE) vulnerability"
|
"TITLE": "TIBCO JasperReports XML Eternal Entity (XXE) vulnerability"
|
||||||
},
|
},
|
||||||
"affects": {
|
"affects": {
|
||||||
"vendor": {
|
"vendor": {
|
||||||
"vendor_data": [
|
"vendor_data": [
|
||||||
{
|
{
|
||||||
"product": {
|
"product": {
|
||||||
"product_data": [
|
"product_data": [
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.2.1"
|
"version_value": "7.2.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.5.0"
|
"version_value": "7.5.0"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.5.1"
|
"version_value": "7.5.1"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server",
|
"product_name": "TIBCO JasperReports Server",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server - Community Edition",
|
"product_name": "TIBCO JasperReports Server - Community Edition",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
"product_name": "TIBCO JasperReports Server - Developer Edition",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
"product_name": "TIBCO JasperReports Server for AWS Marketplace",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
|
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "<=",
|
"version_affected": "<=",
|
||||||
"version_value": "7.9.0"
|
"version_value": "7.9.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
"product_name": "TIBCO JasperReports Server for Microsoft Azure",
|
||||||
"version": {
|
"version": {
|
||||||
"version_data": [
|
"version_data": [
|
||||||
{
|
{
|
||||||
"version_affected": "=",
|
"version_affected": "=",
|
||||||
"version_value": "7.8.0"
|
"version_value": "7.8.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name": "TIBCO Software Inc."
|
"vendor_name": "TIBCO Software Inc."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"credit": [
|
"credit": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "TIBCO would like to extend its appreciation to Dr. Florian Hauser, CODE WHITE GmbH for discovery of this vulnerability."
|
"value": "TIBCO would like to extend its appreciation to Dr. Florian Hauser, CODE WHITE GmbH for discovery of this vulnerability."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"data_format": "MITRE",
|
"data_format": "MITRE",
|
||||||
"data_type": "CVE",
|
"data_type": "CVE",
|
||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker.\n\nAffected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.\n"
|
"value": "The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"impact": {
|
"impact": {
|
||||||
"cvss": {
|
"cvss": {
|
||||||
"attackComplexity": "HIGH",
|
"attackComplexity": "HIGH",
|
||||||
"attackVector": "NETWORK",
|
"attackVector": "NETWORK",
|
||||||
"availabilityImpact": "LOW",
|
"availabilityImpact": "LOW",
|
||||||
"baseScore": 4.6,
|
"baseScore": 4.6,
|
||||||
"baseSeverity": "MEDIUM",
|
"baseSeverity": "MEDIUM",
|
||||||
"confidentialityImpact": "LOW",
|
"confidentialityImpact": "LOW",
|
||||||
"integrityImpact": "LOW",
|
"integrityImpact": "LOW",
|
||||||
"privilegesRequired": "LOW",
|
"privilegesRequired": "LOW",
|
||||||
"scope": "UNCHANGED",
|
"scope": "UNCHANGED",
|
||||||
"userInteraction": "REQUIRED",
|
"userInteraction": "REQUIRED",
|
||||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
|
||||||
"version": "3.0"
|
"version": "3.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"problemtype": {
|
"problemtype": {
|
||||||
"problemtype_data": [
|
"problemtype_data": [
|
||||||
{
|
{
|
||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of the affected systems data and the ability to cause a partial denial of service (partial DOS) on the affected system."
|
"value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of the affected systems data and the ability to cause a partial denial of service (partial DOS) on the affected system."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"references": {
|
"references": {
|
||||||
"reference_data": [
|
"reference_data": [
|
||||||
{
|
{
|
||||||
"name": "https://www.tibco.com/services/support/advisories",
|
"name": "https://www.tibco.com/services/support/advisories",
|
||||||
"refsource": "CONFIRM",
|
"refsource": "CONFIRM",
|
||||||
"url": "https://www.tibco.com/services/support/advisories"
|
"url": "https://www.tibco.com/services/support/advisories"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"solution": [
|
"solution": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
|
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO JasperReports Server versions 7.2.1 and below update to version 7.2.2 or later\nTIBCO JasperReports Server versions 7.5.0 and 7.5.1 update to version 7.5.2 or later\nTIBCO JasperReports Server version 7.8.0 update to version 7.8.1 or later\nTIBCO JasperReports Server version 7.9.0 update to version 7.9.1 or later\nTIBCO JasperReports Server - Community Edition versions 7.8.0 and below update to version 7.8.1 or later\nTIBCO JasperReports Server - Developer Edition versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for AWS Marketplace versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for ActiveMatrix BPM versions 7.9.0 and below update to version 7.9.1 or later\nTIBCO JasperReports Server for Microsoft Azure version 7.8.0 update to version 7.9.1 or later"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": {
|
"source": {
|
||||||
"discovery": "Dr. Florian Hauser, CODE WHITE GmbH"
|
"discovery": "Dr. Florian Hauser, CODE WHITE GmbH"
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -4,14 +4,68 @@
|
|||||||
"data_version": "4.0",
|
"data_version": "4.0",
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2021-3671",
|
"ID": "CVE-2021-3671",
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "secalert@redhat.com",
|
||||||
"STATE": "RESERVED"
|
"STATE": "PUBLIC"
|
||||||
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"vendor_name": "n/a",
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "Samba",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "Fixed in samba 4.13.12, samba 4.14.8"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "CWE-476"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080,",
|
||||||
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080,"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://bugzilla.samba.org/show_bug.cgi?id=14770,",
|
||||||
|
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14770,"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a",
|
||||||
|
"url": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
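Review bot: Both Bugzilla entries in the new `reference_data` carry a trailing comma inside the string, in `name` and in `url` alike (`https://bugzilla.redhat.com/show_bug.cgi?id=2013080,` and `https://bugzilla.samba.org/show_bug.cgi?id=14770,`), so the `id` value a consumer follows is not the bug number. The strings should end at the id, e.g. `"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080"`. Separately, `version_value` is `Fixed in samba 4.13.12, samba 4.14.8`, which names the fixed releases rather than the affected ones, and `vendor_name` is `n/a`, so tooling that matches installed versions against this record has nothing to compare. The affected range presumably has to come from the Samba advisory. The record starts above this hunk.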
@ -1,17 +1,61 @@
|
|||||||
{
|
{
|
||||||
"data_type": "CVE",
|
|
||||||
"data_format": "MITRE",
|
|
||||||
"data_version": "4.0",
|
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2021-40292",
|
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"STATE": "RESERVED"
|
"ID": "CVE-2021-40292",
|
||||||
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "n/a",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"vendor_name": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"data_format": "MITRE",
|
||||||
|
"data_type": "CVE",
|
||||||
|
"data_version": "4.0",
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/zyx0814/dzzoffice/issues/195",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://github.com/zyx0814/dzzoffice/issues/195"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
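Review bot: The new description misspells the weakness as `Cross Site Sripting`, which defeats keyword search on the record; the line should read `"value": "A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter."`. The same record leaves `product_name`, `version_value`, `vendor_name` and the `problemtype` value at `n/a` although the description names DzzOffice 2.02.1 and stored XSS, so product-based or CWE-based matching will miss it; `"value": "CWE-79"` would fit the problemtype. The CVE-2021-40618 hunk that follows has the same `n/a` fields for openSIS Classic 8.0 and SQL injection, where `"value": "CWE-89"` would fit.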
@ -1,17 +1,61 @@
|
|||||||
{
|
{
|
||||||
"data_type": "CVE",
|
|
||||||
"data_format": "MITRE",
|
|
||||||
"data_version": "4.0",
|
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta": {
|
||||||
"ID": "CVE-2021-40618",
|
|
||||||
"ASSIGNER": "cve@mitre.org",
|
"ASSIGNER": "cve@mitre.org",
|
||||||
"STATE": "RESERVED"
|
"ID": "CVE-2021-40618",
|
||||||
|
"STATE": "PUBLIC"
|
||||||
},
|
},
|
||||||
|
"affects": {
|
||||||
|
"vendor": {
|
||||||
|
"vendor_data": [
|
||||||
|
{
|
||||||
|
"product": {
|
||||||
|
"product_data": [
|
||||||
|
{
|
||||||
|
"product_name": "n/a",
|
||||||
|
"version": {
|
||||||
|
"version_data": [
|
||||||
|
{
|
||||||
|
"version_value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"vendor_name": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"data_format": "MITRE",
|
||||||
|
"data_type": "CVE",
|
||||||
|
"data_version": "4.0",
|
||||||
"description": {
|
"description": {
|
||||||
"description_data": [
|
"description_data": [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang": "eng",
|
||||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
"value": "An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php."
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"problemtype": {
|
||||||
|
"problemtype_data": [
|
||||||
|
{
|
||||||
|
"description": [
|
||||||
|
{
|
||||||
|
"lang": "eng",
|
||||||
|
"value": "n/a"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"reference_data": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/OS4ED/openSIS-Classic/issues/193",
|
||||||
|
"refsource": "MISC",
|
||||||
|
"name": "https://github.com/OS4ED/openSIS-Classic/issues/193"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
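--- a/2021/42xxx/CVE-2021-42324.json
+++ b/2021/42xxx/CVE-2021-42324.json
@@ -0,0 +1,18 @@
+{
+"data_type": "CVE",
+"data_format": "MITRE",
+"data_version": "4.0",
+"CVE_data_meta": {
+"ID": "CVE-2021-42324",
+"ASSIGNER": "cve@mitre.org",
+"STATE": "RESERVED"
+},
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+}
+]
+}
+}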
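--- a/2021/42xxx/CVE-2021-42325.json
+++ b/2021/42xxx/CVE-2021-42325.json
@@ -0,0 +1,18 @@
+{
+"data_type": "CVE",
+"data_format": "MITRE",
+"data_version": "4.0",
+"CVE_data_meta": {
+"ID": "CVE-2021-42325",
+"ASSIGNER": "cve@mitre.org",
+"STATE": "RESERVED"
+},
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+}
+]
+}
+}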