Update CVE-2021-29115.json

2025-06-12 02:05:39 +00:00 · 2021-12-06 15:32:04 -05:00 · 2021-12-06 15:32:04 -05:00 · 4bc144ab12
commit 4bc144ab12
parent 3698010e10
1 changed files with 81 additions and 17 deletions
--- a/2021/29xxx/CVE-2021-29115.json
+++ b/2021/29xxx/CVE-2021-29115.json
@ -1,18 +1,82 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-29115",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta": {
+		"ASSIGNER": "PSIRT@esri.com",
+		"DATE_PUBLIC": "2021-12-06",
+		"ID": "CVE-2021-29115",
+		"STATE": "PUBLIC",
+		"TITLE": "An information disclosure vulnerability"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [{
+				"product": {
+					"product_data": [{
+						"product_name": "ArcGIS Server",
+						"version": {
+							"version_data": [{
+								"platform": "x64",
+								"version_affected": "<=",
+								"version_name": "All",
+								"version_value": "10.9.0"
+							}]
+						}
+					}]
+				},
+				"vendor_name": "Esri"
+			}]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [{
+			"lang": "eng",
+			"value": "An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features."
+		}]
+	},
+	"generator": {
+		"engine": "Vulnogram 0.0.8"
+	},
+	"impact": {
+		"cvss": {
+			"attackComplexity": "LOW",
+			"attackVector": "NETWORK",
+			"availabilityImpact": "NONE",
+			"baseScore": 5.3,
+			"baseSeverity": "MEDIUM",
+			"confidentialityImpact": "LOW",
+			"integrityImpact": "NONE",
+			"privilegesRequired": "NONE",
+			"scope": "UNCHANGED",
+			"userInteraction": "NONE",
+			"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+			"version": "3.0"
+		}
+	},
+	"problemtype": {
+		"problemtype_data": [{
+			"description": [{
+				"lang": "eng",
+				"value": "CWE-200 Information Exposure"
+			}]
+		}]
+	},
+	"references": {
+		"reference_data": [{
+			"name": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available",
+			"refsource": "CONFIRM",
+			"url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available"
+		}]
+	},
+	"source": {
+		"defect": [
+			"BUG-000142204"
+		],
+		"discovery": "UNKNOWN"
+	},
+	"work_around": [{
+		"lang": "eng",
+		"value": "Options to address this issue include securing the hosted feature service and any created views. "
+	}]
+}