diff --git a/2020/14xxx/CVE-2020-14676.json b/2020/14xxx/CVE-2020-14676.json index 5c7885cd608..6ba58998f68 100644 --- a/2020/14xxx/CVE-2020-14676.json +++ b/2020/14xxx/CVE-2020-14676.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14676" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14677.json b/2020/14xxx/CVE-2020-14677.json index 112aee5f6c0..0111654c374 100644 --- a/2020/14xxx/CVE-2020-14677.json +++ b/2020/14xxx/CVE-2020-14677.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14677" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14678.json b/2020/14xxx/CVE-2020-14678.json index c860f8b54b4..7193d9f1360 100644 --- a/2020/14xxx/CVE-2020-14678.json +++ b/2020/14xxx/CVE-2020-14678.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14678" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.20 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14679.json b/2020/14xxx/CVE-2020-14679.json index 48e78881501..e81bd0b2fe2 100644 --- a/2020/14xxx/CVE-2020-14679.json +++ b/2020/14xxx/CVE-2020-14679.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14679" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "CRM Technical Foundation", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14680.json b/2020/14xxx/CVE-2020-14680.json index e86786141b9..2be2119b96b 100644 --- a/2020/14xxx/CVE-2020-14680.json +++ b/2020/14xxx/CVE-2020-14680.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14680" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.20 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14681.json b/2020/14xxx/CVE-2020-14681.json index 5824f6d0687..5d78459ee48 100644 --- a/2020/14xxx/CVE-2020-14681.json +++ b/2020/14xxx/CVE-2020-14681.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14681" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "E-Business Intelligence", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "E-Business Intelligence", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14682.json b/2020/14xxx/CVE-2020-14682.json index ff50e58a9af..8e26a996411 100644 --- a/2020/14xxx/CVE-2020-14682.json +++ b/2020/14xxx/CVE-2020-14682.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14682" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Depot Repair", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Depot Repair", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14684.json b/2020/14xxx/CVE-2020-14684.json index c8256e175ec..c217bd35509 100644 --- a/2020/14xxx/CVE-2020-14684.json +++ b/2020/14xxx/CVE-2020-14684.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14684" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financial Services Analytical Applications Infrastructure", - "version": { - "version_data": [ - { - "version_value": "8.0.6-8.1.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14685.json b/2020/14xxx/CVE-2020-14685.json index b1752ad6815..d4059c1d048 100644 --- a/2020/14xxx/CVE-2020-14685.json +++ b/2020/14xxx/CVE-2020-14685.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14685" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financial Services Analytical Applications Infrastructure", - "version": { - "version_data": [ - { - "version_value": "8.0.6-8.1.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14686.json b/2020/14xxx/CVE-2020-14686.json index c10135f1a0b..acb283def05 100644 --- a/2020/14xxx/CVE-2020-14686.json +++ b/2020/14xxx/CVE-2020-14686.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14686" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "iSupport", - "version": { - "version_data": [ - { - "version_value": "12.1.1-12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14687.json b/2020/14xxx/CVE-2020-14687.json index fd5dfcb8f9b..e799ac27ee1 100644 --- a/2020/14xxx/CVE-2020-14687.json +++ b/2020/14xxx/CVE-2020-14687.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14687" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WebLogic Server", - "version": { - "version_data": [ - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - }, - { - "version_value": "14.1.1.0.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + }, + { + "version_value": "14.1.1.0.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.8", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14688.json b/2020/14xxx/CVE-2020-14688.json index 67a66601229..89079f54586 100644 --- a/2020/14xxx/CVE-2020-14688.json +++ b/2020/14xxx/CVE-2020-14688.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14688" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Common Applications", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14690.json b/2020/14xxx/CVE-2020-14690.json index d9c7161abaf..b8daaaebbb1 100644 --- a/2020/14xxx/CVE-2020-14690.json +++ b/2020/14xxx/CVE-2020-14690.json @@ -1,79 +1,82 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14690" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Oracle Business Intelligence Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "5.5.0.0.0", - "version_affected": "=" - }, - { - "version_value": "11.1.1.9.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "5.5.0.0.0", + "version_affected": "=" + }, + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14691.json b/2020/14xxx/CVE-2020-14691.json index e74f6b52ecb..150c565c801 100644 --- a/2020/14xxx/CVE-2020-14691.json +++ b/2020/14xxx/CVE-2020-14691.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14691" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financial Services Liquidity Risk Management", - "version": { - "version_data": [ - { - "version_value": "8.0.6", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Liquidity Risk Management", + "version": { + "version_data": [ + { + "version_value": "8.0.6", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14692.json b/2020/14xxx/CVE-2020-14692.json index d363e597de3..b1a4e0d432b 100644 --- a/2020/14xxx/CVE-2020-14692.json +++ b/2020/14xxx/CVE-2020-14692.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14692" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Financial Services Loan Loss Forecasting and Provisioning", - "version": { - "version_data": [ - { - "version_value": "8.0.6-8.0.8", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Loan Loss Forecasting and Provisioning", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.0.8", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14693.json b/2020/14xxx/CVE-2020-14693.json index 13ce3e85e7d..c84f562a2d5 100644 --- a/2020/14xxx/CVE-2020-14693.json +++ b/2020/14xxx/CVE-2020-14693.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14693" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Insurance Accounting Analyzer", - "version": { - "version_data": [ - { - "version_value": "8.0.6-8.0.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insurance Accounting Analyzer", + "version": { + "version_data": [ + { + "version_value": "8.0.6-8.0.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Accounting Analyzer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Accounting Analyzer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14694.json b/2020/14xxx/CVE-2020-14694.json index e89f86041ba..3d919b5bc8d 100644 --- a/2020/14xxx/CVE-2020-14694.json +++ b/2020/14xxx/CVE-2020-14694.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14694" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14695.json b/2020/14xxx/CVE-2020-14695.json index 5d3f1ccb7b7..4c7c99d4249 100644 --- a/2020/14xxx/CVE-2020-14695.json +++ b/2020/14xxx/CVE-2020-14695.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14695" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14696.json b/2020/14xxx/CVE-2020-14696.json index 2cf056e8ef5..dfc952023ac 100644 --- a/2020/14xxx/CVE-2020-14696.json +++ b/2020/14xxx/CVE-2020-14696.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14696" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "BI Publisher (formerly XML Publisher)", - "version": { - "version_data": [ - { - "version_value": "11.1.1.9.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.4.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BI Publisher (formerly XML Publisher)", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14697.json b/2020/14xxx/CVE-2020-14697.json index c5f195d88f7..122305cdccb 100644 --- a/2020/14xxx/CVE-2020-14697.json +++ b/2020/14xxx/CVE-2020-14697.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14697" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.20 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14698.json b/2020/14xxx/CVE-2020-14698.json index 8246308447e..e5f6d6b4bd6 100644 --- a/2020/14xxx/CVE-2020-14698.json +++ b/2020/14xxx/CVE-2020-14698.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14698" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14699.json b/2020/14xxx/CVE-2020-14699.json index 25359cf2574..2c87c46ae1a 100644 --- a/2020/14xxx/CVE-2020-14699.json +++ b/2020/14xxx/CVE-2020-14699.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14699" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14700.json b/2020/14xxx/CVE-2020-14700.json index 05c380a1710..7eec3156fe2 100644 --- a/2020/14xxx/CVE-2020-14700.json +++ b/2020/14xxx/CVE-2020-14700.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14700" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.3", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14701.json b/2020/14xxx/CVE-2020-14701.json index 0e0ee1e7f76..5dc0820cfe6 100644 --- a/2020/14xxx/CVE-2020-14701.json +++ b/2020/14xxx/CVE-2020-14701.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14701" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SD-WAN Aware", - "version": { - "version_data": [ - { - "version_value": "8.2", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SD-WAN Aware", + "version": { + "version_data": [ + { + "version_value": "8.2", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "10.", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). The supported version that is affected is 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "10.", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. While the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Aware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14702.json b/2020/14xxx/CVE-2020-14702.json index 3ddc577f284..7744e09bcdf 100644 --- a/2020/14xxx/CVE-2020-14702.json +++ b/2020/14xxx/CVE-2020-14702.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14702" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "MySQL Server", - "version": { - "version_data": [ - { - "version_value": "8.0.20 and prior", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.20 and prior", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.9", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14703.json b/2020/14xxx/CVE-2020-14703.json index e7b8e49e522..3ed2cb4e481 100644 --- a/2020/14xxx/CVE-2020-14703.json +++ b/2020/14xxx/CVE-2020-14703.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14703" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.0", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14704.json b/2020/14xxx/CVE-2020-14704.json index c6373ec7336..ece8334e544 100644 --- a/2020/14xxx/CVE-2020-14704.json +++ b/2020/14xxx/CVE-2020-14704.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14704" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.0", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14705.json b/2020/14xxx/CVE-2020-14705.json index 4deab9ebad6..f7d6da544c5 100644 --- a/2020/14xxx/CVE-2020-14705.json +++ b/2020/14xxx/CVE-2020-14705.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14705" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GoldenGate", - "version": { - "version_data": [ - { - "version_value": "19.1.0.0.0", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GoldenGate", + "version": { + "version_data": [ + { + "version_value": "19.1.0.0.0", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is Prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "9.6", - "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is Prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "9.6", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14706.json b/2020/14xxx/CVE-2020-14706.json index 185b4e74e64..44776da89b3 100644 --- a/2020/14xxx/CVE-2020-14706.json +++ b/2020/14xxx/CVE-2020-14706.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14706" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Primavera P6 Enterprise Project Portfolio Management", - "version": { - "version_data": [ - { - "version_value": "17.1.0.0-17.12.17.1", - "version_affected": "=" - }, - { - "version_value": "18.1.0.0-18.8.19", - "version_affected": "=" - }, - { - "version_value": "19.12.0-19.12.5", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "17.1.0.0-17.12.17.1", + "version_affected": "=" + }, + { + "version_value": "18.1.0.0-18.8.19", + "version_affected": "=" + }, + { + "version_value": "19.12.0-19.12.5", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19 and 19.12.0-19.12.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.9", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.1.0.0-17.12.17.1, 18.1.0.0-18.8.19 and 19.12.0-19.12.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14707.json b/2020/14xxx/CVE-2020-14707.json index d7883a1c0a8..2445ba819e8 100644 --- a/2020/14xxx/CVE-2020-14707.json +++ b/2020/14xxx/CVE-2020-14707.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14707" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.0", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14708.json b/2020/14xxx/CVE-2020-14708.json index ff554df9cf9..61b7d81453a 100644 --- a/2020/14xxx/CVE-2020-14708.json +++ b/2020/14xxx/CVE-2020-14708.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14708" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Retail Customer Management and Segmentation Foundation", - "version": { - "version_data": [ - { - "version_value": "16.0", - "version_affected": "=" - }, - { - "version_value": "17.0", - "version_affected": "=" - }, - { - "version_value": "18.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + }, + { + "version_value": "17.0", + "version_affected": "=" + }, + { + "version_value": "18.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14709.json b/2020/14xxx/CVE-2020-14709.json index 82d1481daf8..6cf01335511 100644 --- a/2020/14xxx/CVE-2020-14709.json +++ b/2020/14xxx/CVE-2020-14709.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14709" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Retail Customer Management and Segmentation Foundation", - "version": { - "version_data": [ - { - "version_value": "16.0", - "version_affected": "=" - }, - { - "version_value": "17.0", - "version_affected": "=" - }, - { - "version_value": "18.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + }, + { + "version_value": "17.0", + "version_affected": "=" + }, + { + "version_value": "18.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14710.json b/2020/14xxx/CVE-2020-14710.json index 6a7e3ebbc9b..9c332f46c56 100644 --- a/2020/14xxx/CVE-2020-14710.json +++ b/2020/14xxx/CVE-2020-14710.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14710" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Retail Customer Management and Segmentation Foundation", - "version": { - "version_data": [ - { - "version_value": "16.0", - "version_affected": "=" - }, - { - "version_value": "17.0", - "version_affected": "=" - }, - { - "version_value": "18.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + }, + { + "version_value": "17.0", + "version_affected": "=" + }, + { + "version_value": "18.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.4", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14711.json b/2020/14xxx/CVE-2020-14711.json index 5bcce998d57..1c705f70208 100644 --- a/2020/14xxx/CVE-2020-14711.json +++ b/2020/14xxx/CVE-2020-14711.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14711" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14712.json b/2020/14xxx/CVE-2020-14712.json index 467d18235db..5f48ac9214f 100644 --- a/2020/14xxx/CVE-2020-14712.json +++ b/2020/14xxx/CVE-2020-14712.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14712" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.0", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.0", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14713.json b/2020/14xxx/CVE-2020-14713.json index f74abc0a905..5fff4b0e51b 100644 --- a/2020/14xxx/CVE-2020-14713.json +++ b/2020/14xxx/CVE-2020-14713.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14713" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.5", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14714.json b/2020/14xxx/CVE-2020-14714.json index bbbecf4de53..634aa1b136f 100644 --- a/2020/14xxx/CVE-2020-14714.json +++ b/2020/14xxx/CVE-2020-14714.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14714" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.4", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14715.json b/2020/14xxx/CVE-2020-14715.json index 99a3b7860a2..acd0ac40c41 100644 --- a/2020/14xxx/CVE-2020-14715.json +++ b/2020/14xxx/CVE-2020-14715.json @@ -1,75 +1,78 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14715" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "VM VirtualBox", - "version": { - "version_data": [ - { - "version_value": "5.2.44", - "version_affected": "<" - }, - { - "version_value": "6.0.24", - "version_affected": "<" - }, - { - "version_value": "6.1.12", - "version_affected": "<" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.44", + "version_affected": "<" + }, + { + "version_value": "6.0.24", + "version_affected": "<" + }, + { + "version_value": "6.1.12", + "version_affected": "<" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.4", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.4", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14716.json b/2020/14xxx/CVE-2020-14716.json index ef8e9774449..ff56f90cf2e 100644 --- a/2020/14xxx/CVE-2020-14716.json +++ b/2020/14xxx/CVE-2020-14716.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14716" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Common Applications", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14717.json b/2020/14xxx/CVE-2020-14717.json index da57c37d721..a2f0588e66f 100644 --- a/2020/14xxx/CVE-2020-14717.json +++ b/2020/14xxx/CVE-2020-14717.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14717" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Common Applications", - "version": { - "version_data": [ - { - "version_value": "12.1.3", - "version_affected": "=" - }, - { - "version_value": "12.2.3-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Applications", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "4.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14718.json b/2020/14xxx/CVE-2020-14718.json index c2c629587b7..edf1c9cc8eb 100644 --- a/2020/14xxx/CVE-2020-14718.json +++ b/2020/14xxx/CVE-2020-14718.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14718" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "GraalVM Enterprise Edition", - "version": { - "version_data": [ - { - "version_value": "19.3.2", - "version_affected": "=" - }, - { - "version_value": "20.1.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.2", + "version_affected": "=" + }, + { + "version_value": "20.1.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14719.json b/2020/14xxx/CVE-2020-14719.json index 608a6647a4d..20f8958aa8a 100644 --- a/2020/14xxx/CVE-2020-14719.json +++ b/2020/14xxx/CVE-2020-14719.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14719" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Expenses", - "version": { - "version_data": [ - { - "version_value": "12.2.4-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Expenses", + "version": { + "version_data": [ + { + "version_value": "12.2.4-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14720.json b/2020/14xxx/CVE-2020-14720.json index 786e0425cca..8a6cdacc4c2 100644 --- a/2020/14xxx/CVE-2020-14720.json +++ b/2020/14xxx/CVE-2020-14720.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14720" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Internet Expenses", - "version": { - "version_data": [ - { - "version_value": "12.2.4-12.2.9", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Expenses", + "version": { + "version_data": [ + { + "version_value": "12.2.4-12.2.9", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.7", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14721.json b/2020/14xxx/CVE-2020-14721.json index 5ddf79857b0..cf695b9ae37 100644 --- a/2020/14xxx/CVE-2020-14721.json +++ b/2020/14xxx/CVE-2020-14721.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14721" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Enterprise Communications Broker", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.2.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Communications Broker", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.2.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "6.3", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14722.json b/2020/14xxx/CVE-2020-14722.json index 78d672bd05c..f7122ed6b5e 100644 --- a/2020/14xxx/CVE-2020-14722.json +++ b/2020/14xxx/CVE-2020-14722.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14722" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Enterprise Communications Broker", - "version": { - "version_data": [ - { - "version_value": "3.0.0-3.2.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Communications Broker", + "version": { + "version_data": [ + { + "version_value": "3.0.0-3.2.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "5.8", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.8", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14723.json b/2020/14xxx/CVE-2020-14723.json index 190af07eb65..a8521dd1993 100644 --- a/2020/14xxx/CVE-2020-14723.json +++ b/2020/14xxx/CVE-2020-14723.json @@ -1,71 +1,74 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14723" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Help Technologies", - "version": { - "version_data": [ - { - "version_value": "11.1.1.9.0", - "version_affected": "=" - }, - { - "version_value": "12.2.1.3.0", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Help Technologies", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "8.2", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file diff --git a/2020/14xxx/CVE-2020-14724.json b/2020/14xxx/CVE-2020-14724.json index 0c55afb9be7..11ad7d9328a 100644 --- a/2020/14xxx/CVE-2020-14724.json +++ b/2020/14xxx/CVE-2020-14724.json @@ -1,67 +1,70 @@ - { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "secalert_us@oracle.com", - "ID": "CVE-2020-14724" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Solaris Operating System", - "version": { - "version_data": [ - { - "version_value": "11", - "version_affected": "=" - } - ] - } +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2020-14724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] } - ] - }, - "vendor_name": "Oracle Corporation" - } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)." - } - ] - }, - "impact": { - "cvss": { - "baseScore": "7.3", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] + }, + "vendor_name": "Oracle Corporation" } ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.3", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujul2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujul2020.html" + } + ] } +} \ No newline at end of file