mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-21 05:40:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
8649fada71
commit
42af686ed3
@ -1,90 +1,90 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2021-10-26T17:00:00Z",
|
||||
"ID": "CVE-2021-35499",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO Nimbus",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "10.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system or the victim's local system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Nimbus versions 10.4.0 and below update to version 10.4.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@tibco.com",
|
||||
"DATE_PUBLIC": "2021-10-26T17:00:00Z",
|
||||
"ID": "CVE-2021-35499",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "TIBCO Nimbus",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "10.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "TIBCO Software Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system or the victim's local system."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.tibco.com/services/support/advisories",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.tibco.com/services/support/advisories"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Nimbus versions 10.4.0 and below update to version 10.4.1 or later"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
@ -78,6 +78,11 @@
|
||||
"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36"
|
||||
},
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20211026 [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets",
|
||||
"url": "http://seclists.org/fulldisclosure/2021/Oct/43"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -78,6 +78,11 @@
|
||||
"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m"
|
||||
},
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20211026 [ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding",
|
||||
"url": "http://seclists.org/fulldisclosure/2021/Oct/42"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -83,6 +83,11 @@
|
||||
"name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"
|
||||
},
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default",
|
||||
"url": "http://seclists.org/fulldisclosure/2021/Oct/41"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -78,6 +78,11 @@
|
||||
"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4"
|
||||
},
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20211026 [ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways",
|
||||
"url": "http://seclists.org/fulldisclosure/2021/Oct/40"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user