From 2d9d2d78b7de3e9d790a4a48a7240fbfca6123b9 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 26 Nov 2019 18:02:20 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2019/16xxx/CVE-2019-16386.json | 62 ++++++++++++++++++++++++++++++++++
2019/16xxx/CVE-2019-16387.json | 62 ++++++++++++++++++++++++++++++++++
2019/16xxx/CVE-2019-16388.json | 62 ++++++++++++++++++++++++++++++++++
2019/17xxx/CVE-2019-17392.json | 62 ++++++++++++++++++++++++++++++++++
2019/17xxx/CVE-2019-17590.json | 62 ++++++++++++++++++++++++++++++++++
2019/19xxx/CVE-2019-19308.json | 18 ++++++++++
6 files changed, 328 insertions(+)
create mode 100644 2019/16xxx/CVE-2019-16386.json
create mode 100644 2019/16xxx/CVE-2019-16387.json
create mode 100644 2019/16xxx/CVE-2019-16388.json
create mode 100644 2019/17xxx/CVE-2019-17392.json
create mode 100644 2019/17xxx/CVE-2019-17590.json
create mode 100644 2019/19xxx/CVE-2019-19308.json
diff --git a/2019/16xxx/CVE-2019-16386.json b/2019/16xxx/CVE-2019-16386.json
new file mode 100644
index 00000000000..31996d4dae1
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16386.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16386",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.cybercastrum.com/2019/11/25/cve-2019-16386/",
+ "url": "https://blog.cybercastrum.com/2019/11/25/cve-2019-16386/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16387.json b/2019/16xxx/CVE-2019-16387.json
new file mode 100644
index 00000000000..66fdb64aced
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16387.json
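Review bot: The structured fields in this record contradict its own description: `product_name`, `vendor_name` and `version_value` are all `"n/a"` and the `problemtype` value is `"n/a"`, while the description names PEGA Platform 7.x and 8.x and an information disclosure. Tooling that matches CVE records to an asset inventory through the `affects` block will not associate this entry with any product, so an affected deployment can go unflagged. Populating the fields from the description, for example `"product_name": "PEGA Platform"`, `"version_value": "7.x and 8.x"` and a problemtype `"value": "Information disclosure"`, would close the gap; since the commit subject suggests an automated sync, the change presumably belongs in the upstream record. The same applies to the hunks for CVE-2019-16387, CVE-2019-16388, CVE-2019-17392 and CVE-2019-17590.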
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16387",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.cybercastrum.com/2019/11/25/cve-2019-16387/",
+ "url": "https://blog.cybercastrum.com/2019/11/25/cve-2019-16387/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16388.json b/2019/16xxx/CVE-2019-16388.json
new file mode 100644
index 00000000000..be4734d6735
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16388.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16388",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.cybercastrum.com/2019/11/25/cve-2019-16388/",
+ "url": "https://blog.cybercastrum.com/2019/11/25/cve-2019-16388/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17392.json b/2019/17xxx/CVE-2019-17392.json
new file mode 100644
index 00000000000..daffc7bd2f6
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17392.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17392",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019",
+ "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17590.json b/2019/17xxx/CVE-2019-17590.json
new file mode 100644
index 00000000000..1789bf53165
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17590.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17590",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them to click the link. Once the user/victim clicks the \"try again\" button, the attacker can take over the account and perform unintended actions on the victim's behalf."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://pastebin.com/01tDgq7u",
+ "url": "https://pastebin.com/01tDgq7u"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19308.json b/2019/19xxx/CVE-2019-19308.json
new file mode 100644
index 00000000000..bd2e9c9981a
--- /dev/null
+++ b/2019/19xxx/CVE-2019-19308.json
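Review bot: The only entry in `reference_data` is a paste-site link (`https://pastebin.com/01tDgq7u`, `refsource` `MISC`), which its poster can edit or delete and which is not tied to the CSRF Magic maintainers. If it disappears, nothing in the record lets a reader confirm the `csrf_callback` claim or locate a fix. A second `reference_data` entry pointing at an upstream advisory, issue or fixing commit, if one exists, would keep the record verifiable.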
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-19308",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file