admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-01-11 20:01:05 +00:00
parent 97a6187bf2
commit 517cdd5c69
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 260 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/43xxx/CVE-2021-43052.json
View File

@ -97,6 +97,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43052",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43052"
}
]
},

5
2021/43xxx/CVE-2021-43053.json
View File

@ -97,6 +97,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43053",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43053"
}
]
},

5
2021/43xxx/CVE-2021-43054.json
View File

@ -97,6 +97,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-eftl-2021-43054",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-eftl-2021-43054"
}
]
},

5
2021/43xxx/CVE-2021-43055.json
View File

@ -97,6 +97,11 @@
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"refsource": "CONFIRM",
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-eftl-2021-43055",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-eftl-2021-43055"
}
]
},

66
2021/43xxx/CVE-2021-43971.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43971",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sysaid.com/it-service-management-software/incident-management",
"refsource": "MISC",
"name": "https://www.sysaid.com/it-service-management-software/incident-management"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md",
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md"
},
{
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md",
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md"
}
]
}

66
2021/43xxx/CVE-2021-43972.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43972",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sysaid.com/it-service-management-software/incident-management",
"refsource": "MISC",
"name": "https://www.sysaid.com/it-service-management-software/incident-management"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md",
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md"
},
{
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md",
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md"
}
]
}

66
2021/43xxx/CVE-2021-43973.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sysaid.com/it-service-management-software/incident-management",
"refsource": "MISC",
"name": "https://www.sysaid.com/it-service-management-software/incident-management"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md",
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md"
},
{
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md",
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md"
}
]
}

66
2021/43xxx/CVE-2021-43974.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sysaid.com/it-service-management-software/incident-management",
"refsource": "MISC",
"name": "https://www.sysaid.com/it-service-management-software/incident-management"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md",
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md"
},
{
"refsource": "MISC",
"name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md",
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md"
}
]
}