diff --git a/2020/11xxx/CVE-2020-11849.json b/2020/11xxx/CVE-2020-11849.json
index dd635f4cd10..13bc4409ee6 100644
--- a/2020/11xxx/CVE-2020-11849.json
+++ b/2020/11xxx/CVE-2020-11849.json
@@ -2,17 +2,97 @@
 "data_type": "CVE",
 "data_format": "MITRE",
 "data_version": "4.0",
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
 "CVE_data_meta": {
 "ID": "CVE-2020-11849",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@suse.com",
+ "DATE_PUBLIC": "2020-07-07T20:00:00.000Z",
+ "TITLE": "Elevation of privilege and unauthorized access in Micro Focus Identity Manager product ",
+ "STATE": "PUBLIC"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Identity Manager ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "4.7.3"
+ },
+ {
+ "version_affected": "<=",
+ "version_value": "4.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Micro Fosus"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege and/or unauthorized access"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."
 }
 ]
- }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html",
+ "name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html",
+ "name": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege and/or unauthorized access"
+ }
+ ],
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "For version 4.7.3 https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html\nFor version 4.8.1 https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
+ }
+ ],
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Mark van Reijn, of IDFocus. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2020/3xxx/CVE-2020-3973.json b/2020/3xxx/CVE-2020-3973.json
index 6b0bc236c1b..a0e2396bb53 100644
--- a/2020/3xxx/CVE-2020-3973.json
+++ b/2020/3xxx/CVE-2020-3973.json
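Review bot: The `vendor_name` added under `affects` is misspelled as `"Micro Fosus"`, so any consumer that matches records on the vendor string will not associate this entry with Micro Focus; it should read `"vendor_name": "Micro Focus"`. The two `version_data` entries use `"version_affected": "<="` with 4.7.3 and 4.8.1, while the description says versions prior to 4.7.3 and 4.8.1 hot fix 1 are affected, so the structured range and the prose disagree on whether 4.7.3 itself is vulnerable; one of the two should be corrected against the linked release notes. The `exploit` entry repeats the problem-type text instead of stating exploitation status, and `TITLE` and `product_name` (`"Identity Manager "`) carry trailing spaces that break exact-match lookups.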
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-3973",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware SD-WAN by VeloCloud",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "VMware SD-WAN by VeloCloud 3.2.x, 3.3.x prior to 3.3.2 p2, 3.4.x prior to 3.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Blind SQL-injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2020-0016.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2020-0016.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5764.json b/2020/5xxx/CVE-2020-5764.json
index 3909acfd5ae..8d65257f9ff 100644
--- a/2020/5xxx/CVE-2020-5764.json
+++ b/2020/5xxx/CVE-2020-5764.json
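Review bot: `"vendor_name": "n/a"` is set here although the assigner address, the product name and the advisory URL all identify VMware, which leaves the structured `affects` block with nothing for tooling to key on; `"vendor_name": "VMware"` would fix that, and the same `n/a` placeholder appears in the CVE-2020-5764 and CVE-2020-7140 records. The single `version_value` also packs the product name and three release trains into one free-text string and states no fixed release for 3.2.x. Separate `version_data` entries per train, with `version_affected` where a bound is known, would let scanners evaluate the range instead of falling back to the prose.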
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5764",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MX Player Android App",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to version v1.24.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-41",
+ "url": "https://www.tenable.com/security/research/tra-2020-41"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in \"Receive\" mode. An attacker can exploit this by connecting to the MX Transfer session as a \"sender\" and sending a MessageType of \"FILE_LIST\" with a \"name\" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended \"/sdcard/MXshare\" directory. In some instances, an attacker can achieve remote code execution by writing \".odex\" and \".vdex\" files in the \"oat\" directory of the MX Player application."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7140.json b/2020/7xxx/CVE-2020-7140.json
index 8fac5841000..5dfd8a4549d 100644
--- a/2020/7xxx/CVE-2020-7140.json
+++ b/2020/7xxx/CVE-2020-7140.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7140",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IceWall SSO Dfw; IceWall SSO Dgfw",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.0 (RHEL and Windows)"
+ },
+ {
+ "version_value": "11.0 (RHEL and Windows)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote cross-site scripting (xss)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04011en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu04011en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess"
 }
 ]
 }
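Review bot: The `version_data` array holds the same entry twice, `"version_value": "11.0 (RHEL and Windows)"`, while `product_name` joins two products with a semicolon as `"IceWall SSO Dfw; IceWall SSO Dgfw"`. It looks as if one version entry was meant per product, but the record no longer says which entry belongs to which. Splitting this into two `product_data` objects, each with its own `product_name` and a single `version_value`, removes the duplicate and keeps the product-to-version mapping explicit. The patch location given in the description (`https://www.hpe.com/jp/icewall_patchaccess`) is also missing from `reference_data`, so consumers that read only the references will not see it.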