From 31c25f9b458ed548f948e2116d34a13fdc0b0a25 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 19 Jan 2021 16:01:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27733.json | 56 +++++++++-- 2020/4xxx/CVE-2020-4871.json | 176 ++++++++++++++++----------------- 2020/4xxx/CVE-2020-4873.json | 174 ++++++++++++++++---------------- 2020/4xxx/CVE-2020-4881.json | 176 ++++++++++++++++----------------- 2021/22xxx/CVE-2021-22498.json | 50 +++++++++- 2021/25xxx/CVE-2021-25323.json | 62 ++++++++++++ 2021/25xxx/CVE-2021-25324.json | 62 ++++++++++++ 2021/25xxx/CVE-2021-25325.json | 62 ++++++++++++ 2021/25xxx/CVE-2021-25326.json | 18 ++++ 2021/25xxx/CVE-2021-25327.json | 18 ++++ 2021/25xxx/CVE-2021-25328.json | 18 ++++ 2021/3xxx/CVE-2021-3184.json | 62 ++++++++++++ 12 files changed, 662 insertions(+), 272 deletions(-) create mode 100644 2021/25xxx/CVE-2021-25323.json create mode 100644 2021/25xxx/CVE-2021-25324.json create mode 100644 2021/25xxx/CVE-2021-25325.json create mode 100644 2021/25xxx/CVE-2021-25326.json create mode 100644 2021/25xxx/CVE-2021-25327.json create mode 100644 2021/25xxx/CVE-2021-25328.json create mode 100644 2021/3xxx/CVE-2021-3184.json diff --git a/2020/27xxx/CVE-2020-27733.json b/2020/27xxx/CVE-2020-27733.json index ecfe68143dc..4e617a69ede 100644 --- a/2020/27xxx/CVE-2020-27733.json +++ b/2020/27xxx/CVE-2020-27733.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27733", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27733", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14880", + "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14880" } ] } diff --git a/2020/4xxx/CVE-2020-4871.json b/2020/4xxx/CVE-2020-4871.json index 81183066718..468a096e9e1 100644 --- a/2020/4xxx/CVE-2020-4871.json +++ b/2020/4xxx/CVE-2020-4871.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Planning Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Planning Analytics", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "PR" : "N", - "UI" : "N", - "AV" : "L", - "A" : "N", - "I" : "N", - "AC" : "L", - "SCORE" : "4.000", - "C" : "L", - "S" : "U" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-01-18T00:00:00", - "ID" : "CVE-2020-4871", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6404674", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6404674", - "title" : "IBM Security Bulletin 6404674 (Planning Analytics)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190834", - "refsource" : "XF", - "name" : "ibm-planning-cve20204871-info-disc (190834)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_version" : "4.0" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "PR": "N", + "UI": "N", + "AV": "L", + "A": "N", + "I": "N", + "AC": "L", + "SCORE": "4.000", + "C": "L", + "S": "U" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-01-18T00:00:00", + "ID": "CVE-2020-4871", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6404674", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6404674", + "title": "IBM Security Bulletin 6404674 (Planning Analytics)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190834", + "refsource": "XF", + "name": "ibm-planning-cve20204871-info-disc (190834)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4873.json b/2020/4xxx/CVE-2020-4873.json index 184af47fd13..57f85a267c5 100644 --- a/2020/4xxx/CVE-2020-4873.json +++ b/2020/4xxx/CVE-2020-4873.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "data_format": "MITRE", + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Planning Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836." } - ] - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6404674 (Planning Analytics)", - "name" : "https://www.ibm.com/support/pages/node/6404674", - "url" : "https://www.ibm.com/support/pages/node/6404674" - }, - { - "refsource" : "XF", - "name" : "ibm-planning-cve20204873-info-disc (190836)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190836" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-01-18T00:00:00", - "ID" : "CVE-2020-4873", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "PR" : "N", - "UI" : "N", - "I" : "N", - "AV" : "N", - "A" : "N", - "AC" : "L", - "SCORE" : "5.300", - "C" : "L", - "S" : "U" - } - } - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Planning Analytics", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6404674 (Planning Analytics)", + "name": "https://www.ibm.com/support/pages/node/6404674", + "url": "https://www.ibm.com/support/pages/node/6404674" + }, + { + "refsource": "XF", + "name": "ibm-planning-cve20204873-info-disc (190836)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190836" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-01-18T00:00:00", + "ID": "CVE-2020-4873", + "ASSIGNER": "psirt@us.ibm.com" + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "PR": "N", + "UI": "N", + "I": "N", + "AV": "N", + "A": "N", + "AC": "L", + "SCORE": "5.300", + "C": "L", + "S": "U" + } + } + } +} \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4881.json b/2020/4xxx/CVE-2020-4881.json index bf4dc1b987e..1d41da39cc6 100644 --- a/2020/4xxx/CVE-2020-4881.json +++ b/2020/4xxx/CVE-2020-4881.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Planning Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Planning Analytics", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6404674", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6404674 (Planning Analytics)", - "url" : "https://www.ibm.com/support/pages/node/6404674" - }, - { - "name" : "ibm-planning-cve20204881-info-disc (190851)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/190851" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2020-4881", - "DATE_PUBLIC" : "2021-01-18T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AC" : "H", - "C" : "H", - "SCORE" : "5.900", - "S" : "U", - "PR" : "N", - "UI" : "N", - "AV" : "N", - "A" : "N", - "I" : "N" - } - } - }, - "data_version" : "4.0" -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6404674", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6404674 (Planning Analytics)", + "url": "https://www.ibm.com/support/pages/node/6404674" + }, + { + "name": "ibm-planning-cve20204881-info-disc (190851)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190851" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2020-4881", + "DATE_PUBLIC": "2021-01-18T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AC": "H", + "C": "H", + "SCORE": "5.900", + "S": "U", + "PR": "N", + "UI": "N", + "AV": "N", + "A": "N", + "I": "N" + } + } + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22498.json b/2021/22xxx/CVE-2021-22498.json index e794170c1c5..b5e1d6e15a2 100644 --- a/2021/22xxx/CVE-2021-22498.json +++ b/2021/22xxx/CVE-2021-22498.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22498", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@microfocus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Application Lifecycle Management ( Previously known as Quality Center ).", + "version": { + "version_data": [ + { + "version_value": "Affected versions are: 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity Injection." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03771781", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03771781" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection." } ] } diff --git a/2021/25xxx/CVE-2021-25323.json b/2021/25xxx/CVE-2021-25323.json new file mode 100644 index 00000000000..04d0f94e5f4 --- /dev/null +++ b/2021/25xxx/CVE-2021-25323.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-25323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/afbf95a478b6e94f532ca0776c79da1b08be7eed", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/afbf95a478b6e94f532ca0776c79da1b08be7eed" + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25324.json b/2021/25xxx/CVE-2021-25324.json new file mode 100644 index 00000000000..a715b4b83e0 --- /dev/null +++ b/2021/25xxx/CVE-2021-25324.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-25324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/741243f707cac7de1a3769a38e03004f037f4a3d", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/741243f707cac7de1a3769a38e03004f037f4a3d" + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25325.json b/2021/25xxx/CVE-2021-25325.json new file mode 100644 index 00000000000..0bf96f9267b --- /dev/null +++ b/2021/25xxx/CVE-2021-25325.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-25325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/829c3199ba3afdecb52e0719509f3df4463be5b4", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/829c3199ba3afdecb52e0719509f3df4463be5b4" + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25326.json b/2021/25xxx/CVE-2021-25326.json new file mode 100644 index 00000000000..6ab93cf1ab1 --- /dev/null +++ b/2021/25xxx/CVE-2021-25326.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25327.json b/2021/25xxx/CVE-2021-25327.json new file mode 100644 index 00000000000..0a38c00af44 --- /dev/null +++ b/2021/25xxx/CVE-2021-25327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25328.json b/2021/25xxx/CVE-2021-25328.json new file mode 100644 index 00000000000..7ac1ef5bb45 --- /dev/null +++ b/2021/25xxx/CVE-2021-25328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3184.json b/2021/3xxx/CVE-2021-3184.json new file mode 100644 index 00000000000..dd83d4a9665 --- /dev/null +++ b/2021/3xxx/CVE-2021-3184.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-3184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/MISP/MISP/commit/8283e0fbec551f45f3f181cdb2cf29cddc23df66", + "refsource": "MISC", + "name": "https://github.com/MISP/MISP/commit/8283e0fbec551f45f3f181cdb2cf29cddc23df66" + } + ] + } +} \ No newline at end of file