From 44bb5e53fb2250d71fb04820a02fa613b968b7e1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 14 Dec 2022 22:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/4xxx/CVE-2020-4497.json | 83 ++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3917.json | 97 ++++++++++++++++++++++++++++++++++-- 2022/4xxx/CVE-2022-4410.json | 74 +++++++++++++++++++++++++-- 3 files changed, 242 insertions(+), 12 deletions(-) diff --git a/2020/4xxx/CVE-2020-4497.json b/2020/4xxx/CVE-2020-4497.json index 8a83684cda7..cd293dcc8b1 100644 --- a/2020/4xxx/CVE-2020-4497.json +++ b/2020/4xxx/CVE-2020-4497.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-4497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect Plus", + "version": { + "version_data": [ + { + "version_value": "10.1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6847627", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/6847627" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182106" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3917.json b/2022/3xxx/CVE-2022-3917.json index dac1b057d3f..0d4cc8f9adc 100644 --- a/2022/3xxx/CVE-2022-3917.json +++ b/2022/3xxx/CVE-2022-3917.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Motorola", + "product": { + "product_data": [ + { + "product_name": "Moto e20", + "version": { + "version_data": [ + { + "version_value": "RON31.199-9", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://motorola-global-portal.custhelp.com/app/software-security-update_link/g_id/6853", + "refsource": "MISC", + "name": "https://motorola-global-portal.custhelp.com/app/software-security-update_link/g_id/6853" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nUpdate your Moto e20 to software version RONS31.267-38-8 or later.\n\n
" + } + ], + "value": "\nUpdate your Moto e20 to software version RONS31.267-38-8 or later.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Motorola Mobility thanks David Lodge from Pen Test Partners for reporting this issue" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/4xxx/CVE-2022-4410.json b/2022/4xxx/CVE-2022-4410.json index 57311a0dc49..dab9d95cfd2 100644 --- a/2022/4xxx/CVE-2022-4410.json +++ b/2022/4xxx/CVE-2022-4410.json @@ -1,17 +1,83 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-4410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mbis", + "product": { + "product_data": [ + { + "product_name": "Permalink Manager Lite", + "version": { + "version_data": [ + { + "version_value": "*", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbf9636-9d9d-44d4-b873-8920f2dbb846", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbf9636-9d9d-44d4-b873-8920f2dbb846" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2833667%40permalink-manager&new=2833667%40permalink-manager&sfp_email=&sfph_mail=", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2833667%40permalink-manager&new=2833667%40permalink-manager&sfp_email=&sfph_mail=" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Nicole Sheinin" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] }