From 4b129b1f2ca2943cf42b8fe6b55d36b036a99d33 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 2 Apr 2020 16:01:23 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20635.json | 56 +++++++++++++++++++++++++++----
 2020/11xxx/CVE-2020-11452.json | 61 ++++++++++++++++++++++++++++++----
 2020/11xxx/CVE-2020-11453.json | 61 ++++++++++++++++++++++++++++++----
 2020/11xxx/CVE-2020-11492.json | 18 ++++++++++
 2020/1xxx/CVE-2020-1773.json | 18 ++++------
 5 files changed, 184 insertions(+), 30 deletions(-)
 create mode 100644 2020/11xxx/CVE-2020-11492.json
diff --git a/2019/20xxx/CVE-2019-20635.json b/2019/20xxx/CVE-2019-20635.json
index 419e9a47b8e..a79822e8cf3 100644
--- a/2019/20xxx/CVE-2019-20635.json
+++ b/2019/20xxx/CVE-2019-20635.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-20635",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-20635",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://codebeamer.com/cb/wiki/7372223",
+ "refsource": "MISC",
+ "name": "https://codebeamer.com/cb/wiki/7372223"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11452.json b/2020/11xxx/CVE-2020-11452.json
index 6f73521de23..7d5294e4d37 100644
--- a/2020/11xxx/CVE-2020-11452.json
+++ b/2020/11xxx/CVE-2020-11452.json
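Review bot: The `affects` block added to CVE-2019-20635.json carries `n/a` for `vendor_name`, `product_name` and `version_value`, although the new description names the product and the fixed release (codeBeamer before 9.5.0-RC3). Tooling that matches assets on the structured fields rather than on the free text will probably not associate this record with the product; populating them, e.g. `"product_name": "codeBeamer"` and `"version_value": "before 9.5.0-RC3"`, would close that gap. The `problemtype` value is likewise `n/a`. The same applies to the CVE-2020-11452 and CVE-2020-11453 hunks, whose descriptions name Microstrategy Web 10.4 and SSRF while their structured fields also read `n/a`.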
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11452",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11452",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability",
+ "refsource": "MISC",
+ "name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/",
+ "url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11453.json b/2020/11xxx/CVE-2020-11453.json
index 5fbc348f841..2f691ea7451 100644
--- a/2020/11xxx/CVE-2020-11453.json
+++ b/2020/11xxx/CVE-2020-11453.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-11453",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-11453",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability",
+ "refsource": "MISC",
+ "name": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/",
+ "url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11492.json b/2020/11xxx/CVE-2020-11492.json
new file mode 100644
index 00000000000..88b9cc8c8b6
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11492.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11492",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1773.json b/2020/1xxx/CVE-2020-1773.json
index 1c01614aada..ae7555c969a 100644
--- a/2020/1xxx/CVE-2020-1773.json
+++ b/2020/1xxx/CVE-2020-1773.json
@@ -10,6 +10,7 @@
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "OTRS AG",
 "product": {
 "product_data": [
 {
@@ -17,14 +18,10 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "5.0.x",
- "version_value": "5.0.41"
+ "version_value": "5.0.41 and prior"
 },
 {
- "version_affected": "<=",
- "version_name": "6.0.x",
- "version_value": "6.0.26"
+ "version_value": "6.0.26 and prior"
 }
 ]
 }
@@ -34,16 +31,13 @@
 "version": {
 "version_data": [
 {
- "version_affected": "<=",
- "version_name": "7.0.x",
- "version_value": "7.0.15"
+ "version_value": "7.0.15 and prior"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "OTRS AG"
+ }
 }
 ]
 }
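Review bot: The `version_data` entries in CVE-2020-1773.json lose their machine-readable bound: `"version_affected": "<="` and `version_name` are removed and the range is folded into free text such as `"version_value": "5.0.41 and prior"`. A consumer that compares `version_value` as a version string will likely fail to parse it or treat it as an exact match, so affected 5.0.x, 6.0.x and 7.0.x installations could be missed. Keeping `"version_affected": "<="` next to `"version_value": "5.0.41"` (and likewise for 6.0.26 and 7.0.15 in the following hunk) preserves the range; the "and prior" wording is already carried by the description.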
@@ -61,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords.\n\n\nThis issue affects\n((OTRS)) Community Edition:\n5.0.41 and prior versions, \n6.0.26 and prior versions.\n\nOTRS;\n7.0.15 and prior versions. "
+ "value": "An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS; 7.0.15 and prior versions."
 }
 ]
 },