From 43674e0339c81e8671683ef90ddee26b8f73e9e1 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 25 Aug 2024 08:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/42xxx/CVE-2024-42337.json | 99 +++++++++++++++++++++++++++++--
2024/42xxx/CVE-2024-42338.json | 99 +++++++++++++++++++++++++++++--
2024/42xxx/CVE-2024-42339.json | 99 +++++++++++++++++++++++++++++--
2024/42xxx/CVE-2024-42340.json | 99 +++++++++++++++++++++++++++++--
2024/8xxx/CVE-2024-8146.json | 105 +++++++++++++++++++++++++++++++--
5 files changed, 481 insertions(+), 20 deletions(-)
diff --git a/2024/42xxx/CVE-2024-42337.json b/2024/42xxx/CVE-2024-42337.json
index 1fdcbd81c3c..10cfcf114cc 100644
--- a/2024/42xxx/CVE-2024-42337.json
+++ b/2024/42xxx/CVE-2024-42337.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42337", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@cyber.gov.il", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CyberArk", + "product": { + "product_data": [ + { + "product_name": "CyberArk Identity Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions", + "version_value": "Upgrade to latest version" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "refsource": "MISC", + "name": "https://www.gov.il/en/Departments/faq/cve_advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ILVN-2024-0190", + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to latest version\n\n
" + } + ], + "value": "Upgrade to latest version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Dudu Moyal, Moriel Harush - Peer Security LTD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42338.json b/2024/42xxx/CVE-2024-42338.json index 890de8198a5..2f9da521285 100644 --- a/2024/42xxx/CVE-2024-42338.json +++ b/2024/42xxx/CVE-2024-42338.json 
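Review bot: The `version_data` entry added for CyberArk Identity Management is not machine-evaluable: `"version_affected": "<"` is paired with `"version_name": "All versions"` and `"version_value": "Upgrade to latest version"`, so the field that should hold the upper-bound version holds remediation text, and a scanner matching installed versions against this record can neither confirm nor rule out exposure. The first fixed release belongs there, e.g. `"version_value": "<FIRST_FIXED_VERSION>"` (placeholder; the record names no version), with the upgrade advice left in `solution`. The hunks for CVE-2024-42338, CVE-2024-42339 and CVE-2024-42340 carry the same entry. In all four the `description` value is only the vendor name plus a CWE title, and the three CWE-200 records differ only in `ID` and `source.advisory`, so a defender cannot tell which component or data is exposed without the linked advisory page.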
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42338", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@cyber.gov.il", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CyberArk", + "product": { + "product_data": [ + { + "product_name": "CyberArk Identity Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions", + "version_value": "Upgrade to latest version" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "refsource": "MISC", + "name": "https://www.gov.il/en/Departments/faq/cve_advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ILVN-2024-0191", + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to latest version\n\n
" + } + ], + "value": "Upgrade to latest version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Dudu Moyal, Moriel Harush - Peer Security LTD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42339.json b/2024/42xxx/CVE-2024-42339.json index 10a8c10053d..461a2193e95 100644 --- a/2024/42xxx/CVE-2024-42339.json +++ b/2024/42xxx/CVE-2024-42339.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42339", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@cyber.gov.il", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CyberArk", + "product": { + "product_data": [ + { + "product_name": "CyberArk Identity Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions", + "version_value": "Upgrade to latest version" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "refsource": "MISC", + "name": "https://www.gov.il/en/Departments/faq/cve_advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ILVN-2024-0192", + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to latest version\n\n
" + } + ], + "value": "Upgrade to latest version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Dudu Moyal, Moriel Harush - Peer Security LTD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42340.json b/2024/42xxx/CVE-2024-42340.json index 9af9a8ed44c..27edfce4989 100644 --- a/2024/42xxx/CVE-2024-42340.json +++ b/2024/42xxx/CVE-2024-42340.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42340", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@cyber.gov.il", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-602: Client-Side Enforcement of Server-Side Security", + "cweId": "CWE-602" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CyberArk", + "product": { + "product_data": [ + { + "product_name": "CyberArk Identity Management", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "All versions", + "version_value": "Upgrade to latest version" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "refsource": "MISC", + "name": "https://www.gov.il/en/Departments/faq/cve_advisories" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ILVN-2024-0193", + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to latest version\n\n
" + } + ], + "value": "Upgrade to latest version" + } + ], + "credits": [ + { + "lang": "en", + "value": "Dudu Moyal, Moriel Harush - Peer Security LTD" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8146.json b/2024/8xxx/CVE-2024-8146.json index 0afa39a6f48..82b0ab56d12 100644 --- a/2024/8xxx/CVE-2024-8146.json +++ b/2024/8xxx/CVE-2024-8146.json 
@@ -1,17 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8146", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In code-projects Pharmacy Management System 1.0 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /index.php?action=editSalesman. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Pharmacy Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.275728", + "refsource": "MISC", + "name": "https://vuldb.com/?id.275728" + }, + { + "url": "https://vuldb.com/?ctiid.275728", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.275728" + }, + { + "url": "https://vuldb.com/?submit.397417", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.397417" + }, + { + "url": "https://github.com/maqingnan/cve/blob/main/sql1.md", + "refsource": "MISC", + "name": "https://github.com/maqingnan/cve/blob/main/sql1.md" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mqn123 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] }
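Review bot: The English `description` added here calls the issue "classified as critical", while the `impact.cvss` entries in the same hunk rate it `"baseScore": 6.3` / `"baseSeverity": "MEDIUM"` (6.5 under v2), so triage that keys on the description text will disagree with triage that keys on the score; the CVSS vector is the value to prioritise on. The 2.0 entry has no `baseSeverity` key, unlike the 3.1 and 3.0 entries, so a consumer that reads that key from every element of `cvss` must tolerate its absence. The description also labels `/index.php?action=editSalesman` a file although it is a path plus query string; detection content is better keyed to the `action=editSalesman` request and its `id` parameter than to a file name.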