From 40ffa90a87ac28cf4a651da6257129e674a3d039 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 Jan 2020 18:01:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1869.json | 65 +++++++++++- 2015/3xxx/CVE-2015-3147.json | 70 ++++++++++++- 2015/3xxx/CVE-2015-3150.json | 70 ++++++++++++- 2015/3xxx/CVE-2015-3151.json | 75 +++++++++++++- 2015/3xxx/CVE-2015-3159.json | 60 ++++++++++- 2015/4xxx/CVE-2015-4107.json | 14 +-- 2019/19xxx/CVE-2019-19548.json | 50 +++++++++- 2019/19xxx/CVE-2019-19781.json | 5 + 2019/3xxx/CVE-2019-3929.json | 5 + 2020/5xxx/CVE-2020-5193.json | 56 +++++++++-- 2020/6xxx/CVE-2020-6303.json | 63 +++++++++++- 2020/6xxx/CVE-2020-6304.json | 175 ++++++++++++++++++++++++++++++++- 2020/6xxx/CVE-2020-6305.json | 71 ++++++++++++- 2020/6xxx/CVE-2020-6306.json | 102 ++++++++++++++++++- 2020/6xxx/CVE-2020-6307.json | 99 ++++++++++++++++++- 2020/7xxx/CVE-2020-7044.json | 18 ++++ 2020/7xxx/CVE-2020-7045.json | 18 ++++ 2020/7xxx/CVE-2020-7046.json | 18 ++++ 2020/7xxx/CVE-2020-7047.json | 18 ++++ 2020/7xxx/CVE-2020-7048.json | 18 ++++ 2020/7xxx/CVE-2020-7049.json | 18 ++++ 2020/7xxx/CVE-2020-7050.json | 18 ++++ 2020/7xxx/CVE-2020-7051.json | 18 ++++ 23 files changed, 1078 insertions(+), 46 deletions(-) create mode 100644 2020/7xxx/CVE-2020-7044.json create mode 100644 2020/7xxx/CVE-2020-7045.json create mode 100644 2020/7xxx/CVE-2020-7046.json create mode 100644 2020/7xxx/CVE-2020-7047.json create mode 100644 2020/7xxx/CVE-2020-7048.json create mode 100644 2020/7xxx/CVE-2020-7049.json create mode 100644 2020/7xxx/CVE-2020-7050.json create mode 100644 2020/7xxx/CVE-2020-7051.json diff --git a/2015/1xxx/CVE-2015-1869.json b/2015/1xxx/CVE-2015-1869.json index 103040b4fc3..5e038a75d42 100644 --- a/2015/1xxx/CVE-2015-1869.json +++ b/2015/1xxx/CVE-2015-1869.json 
@@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1869", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/17/5", + "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", + "url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", + "url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f" } ] } 
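Review bot: The affected-version bound in CVE-2015-1869.json is a git commit hash (`"version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f"`), which has no ordering that a scanner or SBOM matcher can compare with an installed package version. CVE-2015-3147 in this same patch uses a release bound (`"before 2.6.0"`), and the same form would work here: `"version_value": "before <FIRST_FIXED_RELEASE>"` (placeholder; the page does not state the release). The records for CVE-2015-3150, CVE-2015-3151 and CVE-2015-3159 use hash bounds as well. Two CONFIRM commits are referenced but only one is named as the bound, so the record does not say whether both are needed for the fix.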
diff --git a/2015/3xxx/CVE-2015-3147.json b/2015/3xxx/CVE-2015-3147.json index 806243f5f9a..21054a35ca4 100644 --- a/2015/3xxx/CVE-2015-3147.json +++ b/2015/3xxx/CVE-2015-3147.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3147", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/17/5", + "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/pull/955", + "url": "https://github.com/abrt/abrt/pull/955" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1083.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", + "url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091" } ] } diff --git a/2015/3xxx/CVE-2015-3150.json b/2015/3xxx/CVE-2015-3150.json index 1564e32d101..de8e1203fa3 100644 
--- a/2015/3xxx/CVE-2015-3150.json +++ b/2015/3xxx/CVE-2015-3150.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3150", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 1951e7282043dfe1268d492aea056b554baedb75" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", + "url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", + "url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", + "url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", + "url": 
"https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75" } ] } diff --git a/2015/3xxx/CVE-2015-3151.json b/2015/3xxx/CVE-2015-3151.json index 160e8cd5e40..1abe39a126f 100644 --- a/2015/3xxx/CVE-2015-3151.json +++ b/2015/3xxx/CVE-2015-3151.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3151", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
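Review bot: In CVE-2015-3150.json the bound `"before 1951e7282043dfe1268d492aea056b554baedb75"` names a commit that the record's own reference places in the libreport repository, while the only `product_name` under `affects` is `ABRT`. A consumer matching on product therefore gets an ABRT bound that cannot be resolved in the ABRT history. I would add a second `product_data` entry with `"product_name": "libreport"` carrying that bound, and give ABRT a bound taken from one of the three abrt commits that are referenced. CVE-2015-3151 has the same gap (libreport commits referenced, only ABRT listed). The fix commits here are tagged `MISC`, whereas the sibling ABRT records tag theirs `CONFIRM`.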
@@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (Local File Inclusion)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", + "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", + "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", + "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364" + }, + { + "refsource": "CONFIRM", + "name": 
"https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", + "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", + "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3" } ] } diff --git a/2015/3xxx/CVE-2015-3159.json b/2015/3xxx/CVE-2015-3159.json index 5371ba2218c..06203ba9b00 100644 --- a/2015/3xxx/CVE-2015-3159.json +++ b/2015/3xxx/CVE-2015-3159.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3159", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
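Review bot: The problem type `"Directory Traversal (Local File Inclusion)"` in CVE-2015-3151.json does not match the description, which reports reading, writing and changing ownership of arbitrary files through abrt-dbus methods rather than a file being included into executed code. `"value": "Directory Traversal"` would agree with the description. The first reference queries Bugzilla by alias (`show_bug.cgi?id=CVE-2015-3151`) while the other ABRT records in this patch link a numeric bug id; using the numeric id here would keep the set consistent.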
@@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", + "url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", + "url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a" } ] } diff --git a/2015/4xxx/CVE-2015-4107.json b/2015/4xxx/CVE-2015-4107.json index 054cb30b1ae..ec80b56657b 100644 --- a/2015/4xxx/CVE-2015-4107.json +++ b/2015/4xxx/CVE-2015-4107.json 
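Review bot: `"value": "Privilege"` under `problemtype` in CVE-2015-3159.json reads as a truncated label. The description says local users gain privileges, so `"value": "Privilege Escalation"` (the wording CVE-2019-19548 uses later in this patch) would be consistent and easier to classify. The Bugzilla link is tagged `CONFIRM` here but `MISC` in the other ABRT records of this commit; one convention should apply across the set.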
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-4107", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4107", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none." } ] } diff --git a/2019/19xxx/CVE-2019-19548.json b/2019/19xxx/CVE-2019-19548.json index 308bdf7abff..9f7b97625e9 100644 --- a/2019/19xxx/CVE-2019-19548.json +++ b/2019/19xxx/CVE-2019-19548.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Norton Power Eraser", + "version": { + "version_data": [ + { + "version_value": "Prior to 5.3.0.67" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1503.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1503.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] } diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index 77b04cb27bc..2429cac376d 100644 --- a/2019/19xxx/CVE-2019-19781.json +++ b/2019/19xxx/CVE-2019-19781.json 
@@ -91,6 +91,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", "url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html" } ] } diff --git a/2019/3xxx/CVE-2019-3929.json b/2019/3xxx/CVE-2019-3929.json index ba57ee4e908..9d873c5efbf 100644 --- a/2019/3xxx/CVE-2019-3929.json +++ b/2019/3xxx/CVE-2019-3929.json @@ -88,6 +88,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html", "url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5193.json b/2020/5xxx/CVE-2020-5193.json index 8125d87ea53..a34d70eb9dd 100644 --- a/2020/5xxx/CVE-2020-5193.json +++ b/2020/5xxx/CVE-2020-5193.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5193", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5193", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html" } ] } diff --git a/2020/6xxx/CVE-2020-6303.json b/2020/6xxx/CVE-2020-6303.json index 90b12e72fc4..cbf22ac656c 100644 --- a/2020/6xxx/CVE-2020-6303.json +++ b/2020/6xxx/CVE-2020-6303.json 
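Review bot: CVE-2020-5193.json publishes `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though the description names the vendor, product and version, so automated matching cannot tie this record to an installed product. The structured fields can be filled from the description already in the record: `"vendor_name": "PHPGurukul"`, `"product_name": "Hospital Management System"`, `"version_value": "4.0"`. The `problemtype` value is also `"n/a"` where the description states reflected XSS; `"value": "Cross-Site Scripting"` would match the wording used for CVE-2020-6305 in this patch.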
@@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Disclosure Management", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.1" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2772325", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2772325" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" } ] } diff --git a/2020/6xxx/CVE-2020-6304.json b/2020/6xxx/CVE-2020-6304.json index ee5f125bbdc..24d69cbfd78 100644 --- a/2020/6xxx/CVE-2020-6304.json +++ b/2020/6xxx/CVE-2020-6304.json 
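Review bot: In CVE-2020-6303.json the comparison operator is stored in the name field (`"version_name": "<"`), so a consumer reading `version_value` alone sees `10.1` as an affected version while the description says "before version 10.1". CVE JSON 4.0 has a dedicated field for this, `"version_affected": "<"`, with `version_name` left for a branch or train name. The score is serialized as a string (`"baseScore": "5.4"`); a JSON number, `"baseScore": 5.4`, avoids string comparison in consumers. The problem type `"Improper Input Validation"` is broader than the Cross-Site Scripting the description reports. The `version_name` and `baseScore` patterns repeat in CVE-2020-6304 through CVE-2020-6307, where the descriptions say "update provided in" the listed versions, which makes the `<` reading ambiguous there.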
@@ -4,14 +4,183 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL32NUC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL32UC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL64NUC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + }, + { + "version_name": "<", + "version_value": "7.49" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL64UC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + }, + { + "version_name": "<", + "version_value": "7.49" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KERNEL)", + "version": { + "version_data": 
[ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.49" + }, + { + "version_name": "<", + "version_value": "7.53" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2848498", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2848498" } ] } diff --git a/2020/6xxx/CVE-2020-6305.json b/2020/6xxx/CVE-2020-6305.json index c3817548616..2457eb62e08 100644 --- a/2020/6xxx/CVE-2020-6305.json +++ b/2020/6xxx/CVE-2020-6305.json 
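Review bot: The structured data and the description of CVE-2020-6304.json disagree for the KERNEL component: `version_data` lists `7.21`, `7.22`, `7.49` and `7.53`, while the description lists "KERNEL 7.21, 7.49, 7.53". One of the two is wrong, and a consumer cannot tell whether 7.22 is in scope. Either add 7.22 to the description or drop the `"version_value": "7.22"` entry for KERNEL, after checking against the referenced SAP note.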
@@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Process Integration - Rest Adapter (SAP_XIAF)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2863743", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863743" } ] } diff --git a/2020/6xxx/CVE-2020-6306.json b/2020/6xxx/CVE-2020-6306.json index cb838ba1a4e..c0173b98f73 100644 --- a/2020/6xxx/CVE-2020-6306.json 
+++ b/2020/6xxx/CVE-2020-6306.json 
@@ -4,14 +4,110 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Leasing (SAP_Appl)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.18" + } + ] + } + }, + { + "product_name": "SAP Leasing (EA_Appl)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.0" + }, + { + "version_name": "<", + "version_value": "6.02" + }, + { + "version_name": "<", + "version_value": "6.03" + }, + { + "version_name": "<", + "version_value": "6.04" + }, + { + "version_name": "<", + "version_value": "6.05" + }, + { + "version_name": "<", + "version_value": "6.06" + }, + { + "version_name": "<", + "version_value": "6.16" + }, + { + "version_name": "<", + "version_value": "6.17" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17)." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2865348", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2865348" } ] } diff --git a/2020/6xxx/CVE-2020-6307.json b/2020/6xxx/CVE-2020-6307.json index d0615cfdc7c..99c37cde4b1 100644 --- a/2020/6xxx/CVE-2020-6307.json +++ b/2020/6xxx/CVE-2020-6307.json 
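Review bot: The component names in CVE-2020-6306.json are spelled differently in the structured fields and in the description: `"SAP Leasing (SAP_Appl)"` and `"SAP Leasing (EA_Appl)"` against "SAP_APPL" and "EA-APPL". Exact-match lookups on the component id will miss one form or the other, so the `product_name` values should use the spelling from the description, e.g. `"product_name": "SAP Leasing (EA-APPL)"`. The description also stops at "Missing authorization check in a transaction" without stating the consequence, although the vector in the same record scores only integrity (`I:L`); a clause naming that impact would let readers triage without decoding the vector.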
@@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "Automated Note Search Tool (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.0" + }, + { + "version_name": "<", + "version_value": "7.01" + }, + { + "version_name": "<", + "version_value": "7.02" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.4" + }, + { + "version_name": "<", + "version_value": "7.5" + }, + { + "version_name": "<", + "version_value": "7.51" + }, + { + "version_name": "<", + "version_value": "7.52" + }, + { + "version_name": "<", + "version_value": "7.53" + }, + { + "version_name": "<", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2863397", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863397" } ] } diff --git a/2020/7xxx/CVE-2020-7044.json b/2020/7xxx/CVE-2020-7044.json new file mode 100644 index 00000000000..5e0f3142964 --- /dev/null +++ b/2020/7xxx/CVE-2020-7044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7045.json b/2020/7xxx/CVE-2020-7045.json new file mode 100644 index 00000000000..f52e9cc605c --- /dev/null +++ b/2020/7xxx/CVE-2020-7045.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7045",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7046.json b/2020/7xxx/CVE-2020-7046.json
new file mode 100644
index 00000000000..aee66cf6ac7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7046.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7046",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7047.json b/2020/7xxx/CVE-2020-7047.json
new file mode 100644
index 00000000000..8d726e6cf63
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7047.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7047",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7048.json b/2020/7xxx/CVE-2020-7048.json
new file mode 100644
index 00000000000..dd183a96aa7
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7048.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7048",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7049.json b/2020/7xxx/CVE-2020-7049.json
new file mode 100644
index 00000000000..0bde58e845a
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7049.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7049",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7050.json b/2020/7xxx/CVE-2020-7050.json
new file mode 100644
index 00000000000..5e2daa9bfdd
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7050.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7050",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/7xxx/CVE-2020-7051.json b/2020/7xxx/CVE-2020-7051.json
new file mode 100644
index 00000000000..5a3689796d1
--- /dev/null
+++ b/2020/7xxx/CVE-2020-7051.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-7051",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file