admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-26 17:01:00 +00:00
parent 8649fada71
commit 42af686ed3
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 109 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2021/35xxx/CVE-2021-35499.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@tibco.com", "ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-10-26T17:00:00Z", "DATE_PUBLIC": "2021-10-26T17:00:00Z",
"ID": "CVE-2021-35499", "ID": "CVE-2021-35499",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities" "TITLE": "TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "TIBCO Nimbus", "product_name": "TIBCO Nimbus",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<=", "version_affected": "<=",
"version_value": "10.4.0" "version_value": "10.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "TIBCO Software Inc." "vendor_name": "TIBCO Software Inc."
} }
] ]
} }
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below.\n" "value": "The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below."
} }
] ]
}, },
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "LOW", "attackComplexity": "LOW",
"attackVector": "NETWORK", "attackVector": "NETWORK",
"availabilityImpact": "HIGH", "availabilityImpact": "HIGH",
"baseScore": 8, "baseScore": 8,
"baseSeverity": "HIGH", "baseSeverity": "HIGH",
"confidentialityImpact": "HIGH", "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH", "integrityImpact": "HIGH",
"privilegesRequired": "LOW", "privilegesRequired": "LOW",
"scope": "UNCHANGED", "scope": "UNCHANGED",
"userInteraction": "REQUIRED", "userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0" "version": "3.0"
} }
}, },
"problemtype": { "problemtype": {
"problemtype_data": [ "problemtype_data": [
{ {
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system or the victim's local system." "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system or the victim's local system."
} }
] ]
} }
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"name": "https://www.tibco.com/services/support/advisories", "name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories" "url": "https://www.tibco.com/services/support/advisories"
} }
] ]
}, },
"solution": [ "solution": [
{ {
"lang": "eng", "lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Nimbus versions 10.4.0 and below update to version 10.4.1 or later" "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Nimbus versions 10.4.0 and below update to version 10.4.1 or later"
} }
], ],
"source": { "source": {
"discovery": "INTERNAL" "discovery": "INTERNAL"
} }
} }

5
2021/41xxx/CVE-2021-41105.json
View File

@ -78,6 +78,11 @@
"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36", "name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36" "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36"
},
{
"refsource": "FULLDISC",
"name": "20211026 [ES2021-09] FreeSWITCH susceptible to Denial of Service via invalid SRTP packets",
"url": "http://seclists.org/fulldisclosure/2021/Oct/43"
} }
] ]
}, },

5
2021/41xxx/CVE-2021-41145.json
View File

@ -78,6 +78,11 @@
"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m", "name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m" "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m"
},
{
"refsource": "FULLDISC",
"name": "20211026 [ES2021-06] FreeSWITCH susceptible to Denial of Service via SIP flooding",
"url": "http://seclists.org/fulldisclosure/2021/Oct/42"
} }
] ]
}, },

5
2021/41xxx/CVE-2021-41157.json
View File

@ -83,6 +83,11 @@
"name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6", "name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6",
"refsource": "MISC", "refsource": "MISC",
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6" "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.6"
},
{
"refsource": "FULLDISC",
"name": "20211026 [ES2021-08] FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default",
"url": "http://seclists.org/fulldisclosure/2021/Oct/41"
} }
] ]
}, },

5
2021/41xxx/CVE-2021-41158.json
View File

@ -78,6 +78,11 @@
"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4", "name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4" "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4"
},
{
"refsource": "FULLDISC",
"name": "20211026 [ES2021-05] FreeSWITCH vulnerable to SIP digest leak for configured gateways",
"url": "http://seclists.org/fulldisclosure/2021/Oct/40"
} }
] ]
}, },