From 50347176f859e827231b254844525bf323587c4f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 5 Oct 2021 18:00:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/0xxx/CVE-2019-0205.json | 5 +
 2021/35xxx/CVE-2021-35497.json | 810 ++++++++++++++++-----------------
 2021/36xxx/CVE-2021-36160.json | 5 +
 2021/40xxx/CVE-2021-40530.json | 5 +
 2021/41xxx/CVE-2021-41113.json | 2 +-
 2021/42xxx/CVE-2021-42010.json | 18 +
 6 files changed, 439 insertions(+), 406 deletions(-)
 create mode 100644 2021/42xxx/CVE-2021-42010.json
diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json
index 89c70f755b0..757e2ab0171 100644
--- a/2019/0xxx/CVE-2019-0205.json
+++ b/2019/0xxx/CVE-2019-0205.json
@@ -248,6 +248,11 @@
 "refsource": "MLIST",
 "name": "[cassandra-user] 20211004 Re: Vulnerability in libthrift library (CVE-2019-0205)",
 "url": "https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625@%3Cuser.cassandra.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cassandra-user] 20211005 Re: Vulnerability in libthrift library (CVE-2019-0205)",
+ "url": "https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575@%3Cuser.cassandra.apache.org%3E"
 }
 ]
 },
diff --git a/2021/35xxx/CVE-2021-35497.json b/2021/35xxx/CVE-2021-35497.json
index 344ac828c54..0ba83d44269 100644
--- a/2021/35xxx/CVE-2021-35497.json
+++ b/2021/35xxx/CVE-2021-35497.json
@@ -1,406 +1,406 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-10-05T17:00:00Z", - "ID": "CVE-2021-35497", - "STATE": "PUBLIC", - "TITLE": "TIBCO FTL unvalidated SAN in client certificates" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO ActiveSpaces - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.3.0" - }, - { - "version_affected": "=", - "version_value": "4.4.0" - }, - { - "version_affected": "=", - "version_value": "4.5.0" - }, - { - "version_affected": "=", - "version_value": "4.6.0" - }, - { - "version_affected": "=", - "version_value": "4.6.1" - }, - { - "version_affected": "=", - "version_value": "4.6.2" - } - ] - } - }, - { - "product_name": "TIBCO ActiveSpaces - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.3.0" - }, - { - "version_affected": "=", - "version_value": "4.4.0" - }, - { - "version_affected": "=", - "version_value": "4.5.0" - }, - { - "version_affected": "=", - "version_value": "4.6.0" - }, - { - "version_affected": "=", - "version_value": "4.6.1" - }, - { - "version_affected": "=", - "version_value": "4.6.2" - } - ] - } - }, - { - "product_name": "TIBCO ActiveSpaces - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "4.3.0" - }, - { - "version_affected": "=", - "version_value": "4.4.0" - }, - { - "version_affected": "=", - "version_value": "4.5.0" - }, - { - "version_affected": "=", - "version_value": "4.6.0" - }, - { - "version_affected": "=", - "version_value": "4.6.1" - }, - { - "version_affected": "=", - "version_value": "4.6.2" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.2.0" - }, - { - "version_affected": "=", - "version_value": "6.3.0" 
- }, - { - "version_affected": "=", - "version_value": "6.3.1" - }, - { - "version_affected": "=", - "version_value": "6.4.0" - }, - { - "version_affected": "=", - "version_value": "6.5.0" - }, - { - "version_affected": "=", - "version_value": "6.6.0" - }, - { - "version_affected": "=", - "version_value": "6.6.1" - }, - { - "version_affected": "=", - "version_value": "6.7.0" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.2.0" - }, - { - "version_affected": "=", - "version_value": "6.3.0" - }, - { - "version_affected": "=", - "version_value": "6.3.1" - }, - { - "version_affected": "=", - "version_value": "6.4.0" - }, - { - "version_affected": "=", - "version_value": "6.5.0" - }, - { - "version_affected": "=", - "version_value": "6.6.0" - }, - { - "version_affected": "=", - "version_value": "6.6.1" - }, - { - "version_affected": "=", - "version_value": "6.7.0" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.2.0" - }, - { - "version_affected": "=", - "version_value": "6.3.0" - }, - { - "version_affected": "=", - "version_value": "6.3.1" - }, - { - "version_affected": "=", - "version_value": "6.4.0" - }, - { - "version_affected": "=", - "version_value": "6.5.0" - }, - { - "version_affected": "=", - "version_value": "6.6.0" - }, - { - "version_affected": "=", - "version_value": "6.6.1" - }, - { - "version_affected": "=", - "version_value": "6.7.0" - } - ] - } - }, - { - "product_name": "TIBCO eFTL - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.2.0" - }, - { - "version_affected": "=", - "version_value": "6.3.0" - }, - { - "version_affected": "=", - "version_value": "6.3.1" - }, - { - "version_affected": "=", - "version_value": "6.4.0" - }, - { - "version_affected": "=", - 
"version_value": "6.5.0" - }, - { - "version_affected": "=", - "version_value": "6.6.0" - }, - { - "version_affected": "=", - "version_value": "6.6.1" - }, - { - "version_affected": "=", - "version_value": "6.7.0" - } - ] - } - }, - { - "product_name": "TIBCO eFTL - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.2.0" - }, - { - "version_affected": "=", - "version_value": "6.3.0" - }, - { - "version_affected": "=", - "version_value": "6.3.1" - }, - { - "version_affected": "=", - "version_value": "6.4.0" - }, - { - "version_affected": "=", - "version_value": "6.5.0" - }, - { - "version_affected": "=", - "version_value": "6.6.0" - }, - { - "version_affected": "=", - "version_value": "6.6.1" - }, - { - "version_affected": "=", - "version_value": "6.7.0" - } - ] - } - }, - { - "product_name": "TIBCO eFTL - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "6.2.0" - }, - { - "version_affected": "=", - "version_value": "6.3.0" - }, - { - "version_affected": "=", - "version_value": "6.3.1" - }, - { - "version_affected": "=", - "version_value": "6.4.0" - }, - { - "version_affected": "=", - "version_value": "6.5.0" - }, - { - "version_affected": "=", - "version_value": "6.6.0" - }, - { - "version_affected": "=", - "version_value": "6.6.1" - }, - { - "version_affected": "=", - "version_value": "6.7.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." 
- } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges.\n\nAffected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": 
"HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the theoretical possibility that a malicious non-administrative user can gain full administrative access to the affected system." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "https://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Developer Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Enterprise Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO FTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - 
Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later" - } - ], - "source": { - "discovery": "INTERNAL" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-10-05T17:00:00Z", + "ID": "CVE-2021-35497", + "STATE": "PUBLIC", + "TITLE": "TIBCO FTL unvalidated SAN in client certificates" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO ActiveSpaces - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.4.0" + }, + { + "version_affected": "=", + "version_value": "4.5.0" + }, + { + "version_affected": "=", + "version_value": "4.6.0" + }, + { + "version_affected": "=", + "version_value": "4.6.1" + }, + { + "version_affected": "=", + "version_value": "4.6.2" + } + ] + } + }, + { + "product_name": "TIBCO ActiveSpaces - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.4.0" + }, + { + "version_affected": "=", + "version_value": "4.5.0" + }, + { + "version_affected": "=", + "version_value": "4.6.0" + }, + { + "version_affected": "=", + "version_value": "4.6.1" + }, + { + "version_affected": "=", + "version_value": "4.6.2" + } + ] + } + }, + { + "product_name": "TIBCO ActiveSpaces - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.3.0" + }, + { + "version_affected": "=", + "version_value": "4.4.0" + }, + { + "version_affected": "=", + "version_value": "4.5.0" + }, + { + "version_affected": "=", + "version_value": "4.6.0" + }, + { + "version_affected": "=", + "version_value": "4.6.1" + }, + { + "version_affected": "=", + "version_value": "4.6.2" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Community Edition", 
+ "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + "version_affected": "=", + "version_value": "6.3.1" + }, + { + "version_affected": "=", + "version_value": "6.4.0" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + }, + { + "version_affected": "=", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + "version_affected": "=", + "version_value": "6.3.1" + }, + { + "version_affected": "=", + "version_value": "6.4.0" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + }, + { + "version_affected": "=", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + "version_affected": "=", + "version_value": "6.3.1" + }, + { + "version_affected": "=", + "version_value": "6.4.0" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + }, + { + "version_affected": "=", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + }, + { + "product_name": "TIBCO eFTL - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + 
"version_affected": "=", + "version_value": "6.3.1" + }, + { + "version_affected": "=", + "version_value": "6.4.0" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + }, + { + "version_affected": "=", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + }, + { + "product_name": "TIBCO eFTL - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + "version_affected": "=", + "version_value": "6.3.1" + }, + { + "version_affected": "=", + "version_value": "6.4.0" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + }, + { + "version_affected": "=", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + }, + { + "product_name": "TIBCO eFTL - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.0" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + "version_affected": "=", + "version_value": "6.3.1" + }, + { + "version_affected": "=", + "version_value": "6.4.0" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.6.0" + }, + { + "version_affected": "=", + "version_value": "6.6.1" + }, + { + "version_affected": "=", + "version_value": "6.7.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." 
+ } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the theoretical possibility that a malicious non-administrative user can gain full administrative access to the affected system." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Developer Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Enterprise Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO FTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Developer 
Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later"
+ }
+ ],
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36160.json b/2021/36xxx/CVE-2021-36160.json
index 4b1956ea7e8..fd62e2e3cf9 100644
--- a/2021/36xxx/CVE-2021-36160.json
+++ b/2021/36xxx/CVE-2021-36160.json
@@ -123,6 +123,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210929 [SECURITY] [DLA 2768-1] uwsgi security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[httpd-bugs] 20211005 [Bug 65616] New: CVE-2021-36160 regression",
+ "url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3Cbugs.httpd.apache.org%3E"
 }
 ]
 },
diff --git a/2021/40xxx/CVE-2021-40530.json b/2021/40xxx/CVE-2021-40530.json
index 5fd70326570..11b0b457013 100644
--- a/2021/40xxx/CVE-2021-40530.json
+++ b/2021/40xxx/CVE-2021-40530.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-a381a721a9",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57OJA2K5AHX5HAU2QBDRWLGIIUX7GASC/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-6788250ea4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJYOZGWI7TD27SEXILSM6VUTPPEICDL7/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41113.json b/2021/41xxx/CVE-2021-41113.json
index ee3933b59bf..e0a82c528d6 100644
--- a/2021/41xxx/CVE-2021-41113.json
+++ b/2021/41xxx/CVE-2021-41113.json
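Review bot: The `impact.cvss` object on the new side of 2021/35xxx/CVE-2021-35497.json is internally inconsistent: `"vectorString"` carries the `CVSS:3.1/` prefix while the sibling field says `"version": "3.0"`. The vector `AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H` also does not appear to yield the stated `"baseScore": 7.5` / `"baseSeverity": "HIGH"`; by my calculation the 3.x formula gives 9.0 (Critical) for it, so this should be recomputed and confirmed with the assigner. The re-indentation carries these values over unchanged, so a consumer that triages on the numeric score will rank this record lower than one that recomputes from the vector. I would align the field to `"version": "3.1"` and have the CNA state which of score or vector is authoritative. Separately, the `problemtype` value is an impact statement rather than a weakness class, so a CWE identifier there would make the record filterable.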
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described.\n"
+ "value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described."
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42010.json b/2021/42xxx/CVE-2021-42010.json
new file mode 100644
index 00000000000..8e5f335f0e3
--- /dev/null
+++ b/2021/42xxx/CVE-2021-42010.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-42010",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file