From 53f58a4cc22d6eaae239c6c6d08c009caa87c738 Mon Sep 17 00:00:00 2001 From: Will Dormann Date: Fri, 3 Jan 2020 16:27:14 -0500 Subject: [PATCH] Add entries for VU#873161 --- 2019/9xxx/CVE-2019-9537.json | 60 +++++++++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9538.json | 60 +++++++++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9539.json | 60 +++++++++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9540.json | 60 +++++++++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9541.json | 60 +++++++++++++++++++++++++++++++++--- 2019/9xxx/CVE-2019-9542.json | 60 +++++++++++++++++++++++++++++++++--- 6 files changed, 336 insertions(+), 24 deletions(-) diff --git a/2019/9xxx/CVE-2019-9537.json b/2019/9xxx/CVE-2019-9537.json index 8766aac2704..277668642d5 100644 --- a/2019/9xxx/CVE-2019-9537.json +++ b/2019/9xxx/CVE-2019-9537.json @@ -1,8 +1,33 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9537", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Telos Automated Message Handling System reflected XSS in uploaditem.asp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automated Message Handling System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Telos" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +36,35 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873161", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/873161/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/9xxx/CVE-2019-9538.json b/2019/9xxx/CVE-2019-9538.json index 173247d9624..7265e0a6e22 100644 --- a/2019/9xxx/CVE-2019-9538.json +++ b/2019/9xxx/CVE-2019-9538.json @@ -1,8 +1,33 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9538", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automated Message Handling System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Telos" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +36,35 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873161", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/873161/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/9xxx/CVE-2019-9539.json b/2019/9xxx/CVE-2019-9539.json index c5ea5c819f6..2089f0e7ee0 100644 --- a/2019/9xxx/CVE-2019-9539.json +++ b/2019/9xxx/CVE-2019-9539.json @@ -1,8 +1,33 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9539", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automated Message Handling System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Telos" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +36,35 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873161", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/873161/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/9xxx/CVE-2019-9540.json b/2019/9xxx/CVE-2019-9540.json index 20f2388275c..7412cc53d7a 100644 --- a/2019/9xxx/CVE-2019-9540.json +++ b/2019/9xxx/CVE-2019-9540.json @@ -1,8 +1,33 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9540", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Telos Automated Message Handling System reflected XSS in prefs.asp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automated Message Handling System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Telos" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +36,35 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873161", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/873161/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/9xxx/CVE-2019-9541.json b/2019/9xxx/CVE-2019-9541.json index 98adc65c81d..65e7b149bb1 100644 --- a/2019/9xxx/CVE-2019-9541.json +++ b/2019/9xxx/CVE-2019-9541.json @@ -1,8 +1,33 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9541", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Telos Automated Message Handling System information disclosure in itemlookup.asp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automated Message Handling System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Telos" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +36,35 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873161", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/873161/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2019/9xxx/CVE-2019-9542.json b/2019/9xxx/CVE-2019-9542.json index 77d26552fb9..b597c0533a5 100644 --- a/2019/9xxx/CVE-2019-9542.json +++ b/2019/9xxx/CVE-2019-9542.json @@ -1,8 +1,33 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9542", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Telos Automated Message Handling System reflected XSS in itemlookup.asp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automated Message Handling System", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.1.5.5" + } + ] + } + } + ] + }, + "vendor_name": "Telos" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +36,35 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873161", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/873161/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} \ No newline at end of file +}