From 022c23c9ae26d16864091e4ea33d300f9a6b9eb1 Mon Sep 17 00:00:00 2001
From: DellEMCProductSecurity
Date: Thu, 6 Feb 2020 12:42:47 -0500
Subject: [PATCH] Added CVE-2020-5317,5318,5319
---
 2020/5xxx/CVE-2020-5317.json | 71 +++++++++++++++++++++++++++++++-----
 2020/5xxx/CVE-2020-5318.json | 71 +++++++++++++++++++++++++++++++-----
 2020/5xxx/CVE-2020-5319.json | 71 +++++++++++++++++++++++++++++++-----
 3 files changed, 186 insertions(+), 27 deletions(-)
diff --git a/2020/5xxx/CVE-2020-5317.json b/2020/5xxx/CVE-2020-5317.json
index a362926fafb..a1cad63819c 100644
--- a/2020/5xxx/CVE-2020-5317.json
+++ b/2020/5xxx/CVE-2020-5317.json
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5317",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-01-29",
+ "ID": "CVE-2020-5317",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elastic Cloud Storage",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "3.4.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 6.2,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability"
 }
 ]
 }
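Review bot: `"baseSeverity": "Medium"` in the new `impact.cvss` object is mixed-case, whereas the FIRST CVSS v3.x JSON schema defines the severity enum in upper case, so a consumer that validates or string-matches this field against that schema would reject or mis-bucket the record. I would write `"baseSeverity": "MEDIUM"` here and `"baseSeverity": "HIGH"` in the CVE-2020-5318.json and CVE-2020-5319.json hunks, which use the same casing. Whether the CVE JSON 4.0 intake enforces that schema is not visible from this patch. The score itself is consistent with the vector: `AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N` computes to 6.2 under CVSS 3.0.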
diff --git a/2020/5xxx/CVE-2020-5318.json b/2020/5xxx/CVE-2020-5318.json
index 32bf926aecc..10448d22b8e 100644
--- a/2020/5xxx/CVE-2020-5318.json
+++ b/2020/5xxx/CVE-2020-5318.json
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5318",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-01-29",
+ "ID": "CVE-2020-5318",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Isilon OneFS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files.\r\n\r\nThe non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/security/en-us/details/540708/DSA-2020-018-Dell-EMC-Isilon-OneFS-Security-Update-for-Improper-Authorization-Vulnerability"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5319.json b/2020/5xxx/CVE-2020-5319.json
index 36d79832f48..7ed61c317be 100644
--- a/2020/5xxx/CVE-2020-5319.json
+++ b/2020/5xxx/CVE-2020-5319.json
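Review bot: The `version_data` entry added to CVE-2020-5318.json packs four releases into one string, `"version_value": "8.1.2, 8.1.0.4, 8.1.0.3, 8.0.0.7"` under `"version_affected": "="`, so tooling that compares an installed OneFS version for equality with `version_value` will never match and affected clusters can go unreported. Each release should be its own `version_data` object, e.g. `{ "version_affected": "=", "version_value": "8.1.2" }`, repeated for 8.1.0.4, 8.1.0.3 and 8.0.0.7. Separately, the description says files are accessible "without authentication" while `problemtype` records CWE-285 (Improper Authorization); if the root cause is a skipped authentication check, CWE-306 or CWE-287 would probably classify it more precisely, which is worth confirming against DSA-2020-018.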
@@ -1,17 +1,70 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-5319",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2020-01-20",
+ "ID": "CVE-2020-5319",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unity",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.0.2.0.5.009"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-129: Improper Validation of Array Index"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.dell.com/support/security/en-us/details/540336/DSA-2020-019-Dell-EMC-Unity-Family-Dell-EMC-Unity-XT-Family-Denial-of-Service-Vulnerability"
 }
 ]
 }
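Review bot: `product_data` in CVE-2020-5319.json lists only `"product_name": "Unity"`, while the description names Dell EMC Unity, Dell EMC Unity XT and Dell EMC UnityVSA as affected below 5.0.2.0.5.009. Asset-to-CVE matching keyed on `product_name` will therefore miss Unity XT and UnityVSA deployments exposed to this unauthenticated remote denial of service. I would add one `product_data` object per product, each carrying the same `version_data` (`"version_affected": "<"`, `"version_value": "5.0.2.0.5.009"`). `DATE_PUBLIC` is `2020-01-20` here but `2020-01-29` in the other two records of this patch; that may be correct, but it is worth checking against the DSA-2020-019 publication date.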