From 3805e9b2023e8729fbb186d76e9ccbed0b6e84d7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 6 Dec 2022 02:00:36 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/34xxx/CVE-2022-34881.json | 91 ++++++++++++++++++++++++++++++++--
2022/40xxx/CVE-2022-40603.json | 17 ++++---
2 files changed, 96 insertions(+), 12 deletions(-)
diff --git a/2022/34xxx/CVE-2022-34881.json b/2022/34xxx/CVE-2022-34881.json
index 3fb9648813d..da78cd21e84 100644
--- a/2022/34xxx/CVE-2022-34881.json
+++ b/2022/34xxx/CVE-2022-34881.json
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-34881", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hirt@hitachi.co.jp", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209 Generation of Error Message Containing Sensitive Information", + "cweId": "CWE-209" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi", + "product": { + "product_data": [ + { + "product_name": "JP1/Automatic Operation", + "version": { + "version_data": [ + { + "version_value": "10-00", + "version_affected": "=" + }, + { + "version_value": "11-00", + "version_affected": "=" + }, + { + "version_value": "12-00", + "version_affected": "=" + }, + { + "version_value": "10-52", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-140/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-140/index.html" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "hitachi-sec-2022-140", + 
"discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/40xxx/CVE-2022-40603.json b/2022/40xxx/CVE-2022-40603.json index abe9f79c94f..de3a55af3ea 100644 --- a/2022/40xxx/CVE-2022-40603.json +++ b/2022/40xxx/CVE-2022-40603.json @@ -3,8 +3,9 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "PSIRT@zyxel.com.tw", - "ID": "CVE-2022-40603" + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2022-40603", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -23,7 +24,7 @@ ] } }, - { + { "product_name": "VPN series firmware", "version": { "version_data": [ @@ -33,7 +34,7 @@ ] } }, - { + { "product_name": "USG FLEX series firmware", "version": { "version_data": [ @@ -43,7 +44,7 @@ ] } }, - { + { "product_name": "ATP series firmware", "version": { "version_data": [ @@ -53,7 +54,7 @@ ] } } - ] + ] } } ] 
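Review bot: The added `version_data` entries in CVE-2022-34881.json do not encode the ranges that the new description states: all four use `"version_affected": "="` with `10-00`, `11-00`, `12-00` and `10-52`, while the description says 10-00 through 10-54-03, 11-00 before 11-51-09 and 12-00 before 12-60-01. A scanner or asset inventory that matches on the structured `affects` block rather than the free text would flag only those four exact versions and miss the rest of each affected range. Each range's upper bound should be carried in the structured data, for example `{ "version_value": "10-54-03", "version_affected": "<=" }` and `{ "version_value": "11-51-09", "version_affected": "<" }`, and likewise `<` with `12-60-01`. The `10-52` entry has no counterpart in the description, so its meaning should be confirmed against advisory hitachi-sec-2022-140.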
@@ -91,8 +92,8 @@ "description_data": [ { "lang": "eng", - "value": "A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim’s browser." + "value": "A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. Then, the attacker could gain access to some browser-based information if the malicious script is executed on the victim\u2019s browser." } ] } -} +} \ No newline at end of file