diff --git a/2019/11xxx/CVE-2019-11286.json b/2019/11xxx/CVE-2019-11286.json index 5b6098b5544..2e5e5ecf1ff 100644 --- a/2019/11xxx/CVE-2019-11286.json +++ b/2019/11xxx/CVE-2019-11286.json @@ -3,16 +3,125 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-07-30T23:27:23.000Z", "ID": "CVE-2019-11286", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "JMX Credential Deserialization in GemFire" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware GemFire", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.7", + "version_value": "9.7.5" + }, + { + "version_affected": "<", + "version_name": "9.8", + "version_value": "9.8.5" + }, + { + "version_affected": "<", + "version_name": "9.9", + "version_value": "9.9.1" + }, + { + "version_affected": "<", + "version_name": "9.10", + "version_value": "9.10.0" + } + ] + } + }, + { + "product_name": "VMware Tanzu GemFire for VMs", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9", + "version_value": "1.9.2" + }, + { + "version_affected": "<", + "version_name": "1.10", + "version_value": "1.10.1" + }, + { + "version_affected": "<", + "version_name": "1.8", + "version_value": "1.8.2" + }, + { + "version_affected": "<", + "version_name": "1.11", + "version_value": "1.11.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware Tanzu" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://tanzu.vmware.com/security/cve-2019-11286", + "name": "https://tanzu.vmware.com/security/cve-2019-11286" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5396.json b/2020/5xxx/CVE-2020-5396.json index 66348835a12..d45c114a3c7 100644 --- a/2020/5xxx/CVE-2020-5396.json +++ b/2020/5xxx/CVE-2020-5396.json @@ -3,16 +3,100 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-07-30T23:27:40.000Z", "ID": "CVE-2020-5396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "JMX Insecure Default Configuration in GemFire" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware Tanzu GemFire for VMs", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.10", + "version_value": "1.10.2" + }, + { + "version_affected": "<", + "version_name": "1.11", + "version_value": "1.11.1" + } + ] + } + }, + { + "product_name": "VMware GemFire", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.7", + "version_value": "9.7.6" + }, + { + "version_affected": "<", + "version_name": "9.8", + "version_value": "9.8.7" + }, + { + "version_affected": "<", + "version_name": "9.9", + "version_value": "9.9.2" + }, + { + "version_affected": "<", + "version_name": "9.10", + "version_value": "9.10.0" + } + ] + } + } + ] + }, + "vendor_name": "VMware Tanzu" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control - Generic" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://tanzu.vmware.com/security/cve-2020-5396", + "name": "https://tanzu.vmware.com/security/cve-2020-5396" + } + ] + }, + "impact": null } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5413.json b/2020/5xxx/CVE-2020-5413.json index 728f0c53d52..b88b226af2e 100644 --- a/2020/5xxx/CVE-2020-5413.json +++ b/2020/5xxx/CVE-2020-5413.json @@ -3,16 +3,83 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-07-23T00:00:00.000Z", "ID": "CVE-2020-5413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Kryo Configuration Allows Code Execution with Unknown \"Serialization Gadgets\"" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Integration", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "4.3", + "version_value": "v4.3.23.RELEASE" + }, + { + "version_affected": "<", + "version_name": "5.1", + "version_value": "v5.1.12.RELEASE" + }, + { + "version_affected": "<", + "version_name": "5.2", + "version_value": "v5.2.8.RELEASE" + }, + { + "version_affected": "<", + "version_name": "5.3", + "version_value": "v5.3.2.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring by VMware" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the \"deserialization gadgets\" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown \"deserialization gadgets\" when configuring Kryo in code." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://tanzu.vmware.com/security/cve-2020-5413", + "name": "https://tanzu.vmware.com/security/cve-2020-5413" + } + ] + }, + "impact": null } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5414.json b/2020/5xxx/CVE-2020-5414.json index f75cbf33e65..96583feb1ca 100644 --- a/2020/5xxx/CVE-2020-5414.json +++ b/2020/5xxx/CVE-2020-5414.json @@ -3,16 +3,127 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-07-30T23:34:26.000Z", "ID": "CVE-2020-5414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "App Autoscaler logs credentials" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PCF Autoscaling", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All", + "version_value": "v232" + } + ] + } + }, + { + "product_name": "Operations Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.7", + "version_value": "2.7.15" + }, + { + "version_affected": "<", + "version_name": "2.8", + "version_value": "2.8.6" + }, + { + "version_affected": "<", + "version_name": "2.9", + "version_value": "2.9.1" + } + ] + } + }, + { + "product_name": "VMware Tanzu Application Service for VMs", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.x", + "version_value": "2.9.7" + }, + { + "version_affected": "<", + "version_name": "2.7.x", + "version_value": "2.7.19" + }, + { + "version_affected": "<", + "version_name": "2.8.x", + "version_value": "2.8.13" + } + ] + } + } + ] + }, + "vendor_name": "VMware Tanzu" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user.\nThe same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1.\nNote that these logs are typically only visible to foundation administrators and operators." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://tanzu.vmware.com/security/cve-2020-5414", + "name": "https://tanzu.vmware.com/security/cve-2020-5414" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H", + "version": "3.0" + } } } \ No newline at end of file